General
-
Target
fa042e8a0d68b71d32f542f32867b540_JaffaCakes118
-
Size
840KB
-
Sample
240927-jr3gtsvglf
-
MD5
fa042e8a0d68b71d32f542f32867b540
-
SHA1
47782c5a168077e676e1cb7cbcd5776d012544cd
-
SHA256
12869439e685998781384fdaf2c391675a364dc4bbcdd44123fe2d74f2852a61
-
SHA512
ea605a2585fbf464c32b18b6b03053edbf3082e4b82f1462feca62374eea1d27b8366962543783ec540e2ce8f5f6ad6dc9d57b8de63af5f76e80c069b1f34d73
-
SSDEEP
24576:jMq1NY2oyR2I7NlC/VG96r1/kGlVZshDhwd:wye/U9E19lPshwd
Behavioral task
behavioral1
Sample
fa042e8a0d68b71d32f542f32867b540_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fa042e8a0d68b71d32f542f32867b540_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
fa042e8a0d68b71d32f542f32867b540_JaffaCakes118
-
Kutaki Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-