General
-
Target
f85699f0c3bca198228a5af7de67ecba_JaffaCakes118
-
Size
560KB
-
Sample
240926-n93b1awdqk
-
MD5
f85699f0c3bca198228a5af7de67ecba
-
SHA1
56f4a24a398dae4e6e47d62832144673b3486f9f
-
SHA256
4c1bc4e929ba5c02a4fbba9b7bb3eb728a3f4e010e04a9c10189487c1843085e
-
SHA512
b170c937b015ae6a2ae98ae609f2c6626130681b95d45089d99d9bed9b8fffc54b170b1f69d0d2b64acbf8d3282e08e45b5accbdbbc753dbaa13d6ff510e3582
-
SSDEEP
6144:Qo18eOaj6RFu8Ogc+ICwVDhvrb1JA2vbyWg3Ti9ptZdACz+0hRFQDOcYd/auoFn4:Qaj6XO1X1fTnTjOuRFQGSPI5eLX+
Behavioral task
behavioral1
Sample
f85699f0c3bca198228a5af7de67ecba_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f85699f0c3bca198228a5af7de67ecba_JaffaCakes118.exe
Resource
win10v2004-20240910-en
Malware Config
Extracted
kutaki
http://maregatu.club/paapoo/pove.php
http://terebinnahi.club/sec/kool.txt
Targets
-
-
Target
f85699f0c3bca198228a5af7de67ecba_JaffaCakes118
-
Kutaki Executable
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-