General
-
Target
Payment Confirmation.exe
-
Size
529KB
-
Sample
240723-1v1abatglg
-
MD5
d998b9339c956239dc2199b761501441
-
SHA1
39f82f942c9de8cd0207e8bacc221351469938a7
-
SHA256
aacf855f3810c4aa02e714dae8c8da78b8d8bfbaa041aa85ddfbdb83c3ade756
-
SHA512
0a50c1ee25e052081346a5cc2e7090a413f8d91baaca2d5f45fbc9c08a2f6dc7cf93f0417f24ac59cd7a4f4abd0f8e80abe48ef6773af312072012f4c0e8ab6c
-
SSDEEP
12288:XFZ5tWdM8H4+iH88V7kVC46A9jmP/uhu/yMS08CkntxYRCL:XGE+iZ7kVtfmP/UDMS08Ckn3h
Malware Config
Extracted
kutaki
http://newlinkwotolove.club/love/three.php
Targets
-
-
Target
Payment Confirmation.exe
-
Size
529KB
-
MD5
d998b9339c956239dc2199b761501441
-
SHA1
39f82f942c9de8cd0207e8bacc221351469938a7
-
SHA256
aacf855f3810c4aa02e714dae8c8da78b8d8bfbaa041aa85ddfbdb83c3ade756
-
SHA512
0a50c1ee25e052081346a5cc2e7090a413f8d91baaca2d5f45fbc9c08a2f6dc7cf93f0417f24ac59cd7a4f4abd0f8e80abe48ef6773af312072012f4c0e8ab6c
-
SSDEEP
12288:XFZ5tWdM8H4+iH88V7kVC46A9jmP/uhu/yMS08CkntxYRCL:XGE+iZ7kVtfmP/UDMS08Ckn3h
Score10/10-
Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
-
Kutaki Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-