MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39d176c59fce7adab56191645e64f1092a405db9c2c85dc9fe78d419d70f5b6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Kutaki


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 39d176c59fce7adab56191645e64f1092a405db9c2c85dc9fe78d419d70f5b6c
SHA3-384 hash: 60e170597135f2abc7e28a146418fe65bafbbfaed7ad9e20841fcc3d217412332c31bd885eeec8faa94468cfb80fab2e
SHA1 hash: 06413525306e162647dfee5bd6409f3f53534cbf
MD5 hash: c760a08c71b16f8de88eba514f28add8
humanhash: oxygen-twenty-bacon-one
File name:RAZ_AUTOS.cmd
Download: download sample
Signature Kutaki
Create hunting rule
File size:1'196'032 bytes
First seen:2020-10-07 04:46:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 339420629791b54876a6782e0b2f5f07 (2 x Kutaki)
ssdeep 12288:7IHKkV+TvGxB0uY7BMcJ46A9jmP/uhu/yMS08CkntxYRV:7IHKw+zGxBlfmP/UDMS08Ckn38
Threatray 2'277 similar samples on MalwareBazaar
TLSH ED455C09E6E40C41DCB515355DD6ECB035B3FC298B02A21B37EE7ABF2DB2A904E1535A
Reporter abuse_ch
Tags:cmd Kutaki


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: pro.mxout.rediffmailpro.com
Sending IP: 119.252.152.37
From: RAZA AUTO WHEELS <a67850@baldealer.com>
Subject: Confirmation of Payment From RAZ AUTOS
Attachment: RAZ_AUTOS.zip (contains "RAZ_AUTOS.cmd")

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/68736/
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Running batch commands
Creating a process with a hidden window
Creating a file
Searching for the window
Deleting a recently created file
Replacing files
Launching a process
Result
Threat name:
Kutaki
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/483573
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Yara detected Kutaki Keylogger
Yara detected VB_Keylogger_Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/39d176c59fce7adab56191645e64f1092a405db9c2c85dc9fe78d419d70f5b6c/
Threat name:
Win32.Trojan.Johnnie
Create hunting rule
Status:
Malicious
First seen:
2020-10-07 03:16:35 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hhixnrm7zz5nvnlbsfsf4zhrbeveaxnzylef3sp6pdkbtvyplnwa._file
Verdict:
unknown
Similar samples:
2514f7c0a5815b1208a348e078fe32cdff4e00bb7bf0298f7e8ad85312ec76da
Kutaki
3e9112b343c87d170c86000f87788f3a19422e24ca9bb3681d9ea83fe513e5f5
Kutaki
80f261e0af58da2e11d1ce255795fe9eb839be94248e118e6777483894a5eb67
Kutaki
950c5135a82ae668688c83c699fc372e74f2745aae8effd9f87fcae2b4a447be
Kutaki
a58862e34baf3a1758ab15ac0fe0485b294903598a39107b4312df0cf5b36cac
Kutaki
bb10d53967d703dd945777d9b9b38e03bd3c90fa77e68e7082678a9b02b40235
Kutaki
c4d36a8bed7042aa9abc38d0883bc4e7916b275ffb51147b6ca9572e5fb496f4
Kutaki
cf02bb3aa058cc571d6c3368f98a96fefa3db05a813ea479d002edc1c3cbdb95
Kutaki
e2784c7f18addfe3cf107b35eae017eb8d02025fec8bc9d235a7ba598fcd9b62
Kutaki
ea04aeb35f3ee924c978225fd95f2fa3df8a4847a761685ad79f96c82886f80d
Kutaki
+ 2'267 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201007-abdpxq2ggj/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Unpacked files
SH256 hash:
39d176c59fce7adab56191645e64f1092a405db9c2c85dc9fe78d419d70f5b6c
MD5 hash:
c760a08c71b16f8de88eba514f28add8
SHA1 hash:
06413525306e162647dfee5bd6409f3f53534cbf
Link:
https://www.unpac.me/results/bf75922e-e279-4a32-a7d6-3d94e0231628/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/39d176c59fce7adab56191645e64f1092a405db9c2c85dc9fe78d419d70f5b6c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Kutaki

zip 83d4d083813fb205a5efec07292d2cf036328896f4d51a84bffa75fe55542ed7

Kutaki

Executable exe 39d176c59fce7adab56191645e64f1092a405db9c2c85dc9fe78d419d70f5b6c

(this sample)

  
Dropped by
MD5 eea4398cc9d05c9a1127d45dd09acfe9
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/68736/
  
Dropped by
SHA256 83d4d083813fb205a5efec07292d2cf036328896f4d51a84bffa75fe55542ed7

Comments