MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1de49d29d2f5c485ef935ce6f50176272745d32d258f5996f029f4e78a614af7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Kutaki


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1de49d29d2f5c485ef935ce6f50176272745d32d258f5996f029f4e78a614af7
SHA3-384 hash: 9bf91ce7d2974acf03d627f41c3a2e57767aba7d30752b89a39ad33adc773b362a5133a8aac667d7f1dc74212e21571f
SHA1 hash: c457eb69ef65e0c02c330f5f2fb0e6e47b8d6a7b
MD5 hash: 5cd9d49f5cad5e0910e90ce8183b4366
humanhash: comet-india-wolfram-nineteen
File name:New Order.scr
Download: download sample
Signature Kutaki
Create hunting rule
File size:647'168 bytes
First seen:2020-08-05 08:24:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 71eb70ba070c495ab8b0ad51c7c37fc4 (4 x Kutaki)
ssdeep 12288:oVbtTqKSf3MinkOfcDF/Ht6846A9jmP/uhu/yMS08CkntxYR3:oVbtTqKSf9jcDFUPfmP/UDMS08Ckn3a
Threatray 693 similar samples on MalwareBazaar
TLSH C0D4AD17E580B10EE523C0F26965A26B2E142D795244AC4BF7C4AF4D79B26E3ACF170F
Reporter abuse_ch
Tags:Kutaki scr


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: hrcollaborators.com
Sending IP: 167.114.43.83
From: EOS JEWELRY<smtpfox-7czqd@hrcollaborators.com>
Subject: New Order
Attachment: New Order.rar (contains "New Order.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.MulDrop13.37154.28588.16416.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Running batch commands
Creating a process with a hidden window
Sending a UDP request
Creating a file
Searching for the window
Deleting a recently created file
Replacing files
Result
Threat name:
Kutaki
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/410551
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Yara detected Kutaki Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1de49d29d2f5c485ef935ce6f50176272745d32d258f5996f029f4e78a614af7/
Threat name:
Win32.Spyware.Kutaki
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 08:26:08 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
25 of 29 (86.21%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dxsj2kos6xcil34tlttpkalwe4tuluznewhvtfxqfh2opctbjl3q._file
Verdict:
malicious
Similar samples:
068608c39b0bfe4a6e20490f60b23a186825d9c444e540a9803b69ae586f35c3
Kutaki
0f88360504d8d31ba8c9313f9237e0e0e65cce7670291fd948db57a8a21eb5df
Kutaki
24a1e4d82d8a6b9594aa9bc4d26df0f212c6b2cf48964fdd46cdad6c03782a1f
Kutaki
2bd4a68bf90d7d007980c8c9a6ca3859507d6f8ad00c4d53b859ffe9e7311751
Kutaki
3174e8d8ef60806faa8b1e19a54ad0d89912ad75bbe63af481c5007af6fe1ea0
Kutaki
3460bddb22bbd2c03da5dbcc68e6ce1d54cfb1d5991196eff039acb093d96307
Kutaki
754b203cb7ca6224a217e4187151adb437574b95fe15fd1bb7ab887cffad8bce
Kutaki
b295967168e9fc2f06437a12689122301171650aa213095bda2c1260d8f3c607
Kutaki
bccc23b47532cc1b95e61602152160960a31ae993aa85bf4f8448d8ea41212dd
Kutaki
e42e9a9d0222fd8eecd5b406ceb2ab65a9c965d9f3d5d11043ea84a69349f432
Kutaki
+ 683 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200805-arnebas9fa/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Loads dropped DLL
Drops startup file
Drops startup file
Executes dropped EXE
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1de49d29d2f5c485ef935ce6f50176272745d32d258f5996f029f4e78a614af7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Kutaki

rar 8b2dbc222287d4a3528f1b452e37e4a609d2503302a9cb5f5955ec9b34f67f9b

Kutaki

Executable exe 1de49d29d2f5c485ef935ce6f50176272745d32d258f5996f029f4e78a614af7

(this sample)

  
Dropped by
MD5 80f2cc0404dc8dab053a3b5d5c777210
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/39193/
  
Dropped by
SHA256 8b2dbc222287d4a3528f1b452e37e4a609d2503302a9cb5f5955ec9b34f67f9b

Comments