MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bc33661eae22696045e7b4b1f29344f4c33e53404ddee2f72fd188beea1d865. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	3bc33661eae22696045e7b4b1f29344f4c33e53404ddee2f72fd188beea1d865
SHA3-384 hash:	eb158a166a06f25704aed06177e8e4ab0efcd09b8c19890122a5efb2c1f6ff643b4aa7c81f02b9d6dacc31f47c2379e2
SHA1 hash:	c0960248bdadcc3081309938eab48eb8002a91ff
MD5 hash:	d43338c66b34e2d4e15b090aeb58401c
humanhash:	blossom-coffee-queen-video
File name:	d43338c66b34e2d4e15b090aeb58401c
Download:	download sample
File size:	606'208 bytes
First seen:	2021-06-16 20:43:12 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	145c6039185a48fcd75206f572d72aaf
ssdeep	6144:5qyKexVFPv7cWcm1S4GlA9jmHv/VCSY3hw9lMbk6u1QMS0y+lqiHTonWryFDYR3:AyKsIp46A9jmP/uhu/yMS08CkntxYR3
Threatray	5'317 similar samples on MalwareBazaar
TLSH	68D48D137FAE8D85D49C64B54C4B46F015A3FC423AC60A77A6827EADEC32B507CA474E
Reporter	zbetcheckin
Tags:	32 exe

Intelligence

File Origin

# of uploads :

# of downloads :

100

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

d43338c66b34e2d4e15b090aeb58401c

Verdict:

Malicious activity

Analysis date:

2021-06-16 20:44:24 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/4156845a-4b2d-4e91-b585-d77974f9250c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

Win.Keylogger.Generic-9868679-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Using the Windows Management Instrumentation requests

Running batch commands

Creating a process with a hidden window

Creating a file

Searching for the window

Deleting a recently created file

Replacing files

Creating a process from a recently created file

Sending a UDP request

Enabling autorun by creating a file

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/20e170ee-9697-4b0c-aa00-4612e05656be

Result

Threat name:

Kutaki

Detection:

malicious

Classification:

adwa.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/803352

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Drops PE files to the startup folder

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Yara detected Kutaki Keylogger

Yara detected VBKeyloggerGeneric

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3bc33661eae22696045e7b4b1f29344f4c33e53404ddee2f72fd188beea1d865/

Threat name:

Win32.Spyware.AgentKlog

Status:

Malicious

First seen:

2021-06-15 06:00:55 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

34 of 46 (73.91%)

Threat level:

2/5

Verdict:

unknown

24685ae80833bb2a534ca942681d445795038cbb83be3bb19844c17a7a4b6398

3984e3e77df5bdbfdc10a20cbb7090bcc94921e27dd61b8ee7a7133cc06e8a78

8330fe82dcc9461a750d34f5fb88c161f0a79fe2d235f21c4c0fc7abb001b5c9

83e0b1a8b103ccc621606414b6363aa04e8b44f40e9f100de0a834498b655ddc

8f165a26d7e9ad72cb0d51cf01076cc4b0099a244cd4e702645d36dc788dd0cc

c31cb5e440e41cbfc98b3297ffc91cfdedfc634295386e0e4c428a3be360ae86

dd7117a4199376d222343f72eb4ddd55ab706982d4f8cd3c6acbec868459e7ed

f3e34e5e324b4f3c5266dac6f9a7c37c204893ef26b7c742a150d50a35eb8c89

f85e5536409783a90f063aa0c836d1963621aab1535b981f6bc476276dd4a381

+ 5'307 additional samples on MalwareBazaar

Result

Malware family:

kutaki

Score:

10/10

Tags:

family:kutaki keylogger stealer

Link:

https://tria.ge/reports/210616-ma6dnmnnse/

Behaviour

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops startup file

Loads dropped DLL

Executes dropped EXE

Kutaki

Kutaki Executable

Unpacked files

SH256 hash:

3bc33661eae22696045e7b4b1f29344f4c33e53404ddee2f72fd188beea1d865

MD5 hash:

d43338c66b34e2d4e15b090aeb58401c

SHA1 hash:

c0960248bdadcc3081309938eab48eb8002a91ff

Link:

https://www.unpac.me/results/239baadd-fcb1-4b74-94fe-1f35c390f3a4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.84

Link:

https://yomi.yoroi.company/submissions/3bc33661eae22696045e7b4b1f29344f4c33e53404ddee2f72fd188beea1d865

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 3bc33661eae22696045e7b4b1f29344f4c33e53404ddee2f72fd188beea1d865

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/1372056/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample