The Kutaki Malware Bypasses Gateways to Steal Users’ Credentials - Cofense
Common Information

Type                              Value
UUID                              5f7efdfd-7e0b-4f49-be45-4be11a8dca1d
Fingerprint                       ee359df9a1326bcb
Analysis status                   DONE
Considered CTI value              2
Text language
Published                         Jan. 21, 2019, 9:28 a.m.
Added to db                       Sept. 26, 2022, 9:30 a.m.
Last updated                      Nov. 18, 2024, 1:38 a.m.
Headline                          The Kutaki Malware Bypasses Gateways to Steal Users’ Credentials
Title                             The Kutaki Malware Bypasses Gateways to Steal Users’ Credentials - Cofense
Detected Hints/Tags/Attributes    58/2/19
Attributes

Type                    #Events   Value
Domain                  184       www.fireeye.com
Domain                  1         babaobadf.club
Domain                  1         janawe.bid
File                    83        sbiedll.dll
File                    54        dbghelp.dll
File                    2127      cmd.exe
File                    1         c:\users\admin\appdata\local\temp\images1.png
File                    1         hyuder.exe
File                    2         the-dead-giveaways-of-vm-aware-malware.html
md5                     1         89D45698E66587279460F77BA19AE456
md5                     1         A69A799E2773F6D9D24D0ECF58DBD9E3
md5                     1         70bf5dd41548e37550882eba858c84fa
md5                     1         8e4aa7c4adec20a48fe4127f3cf2656d
Url                     1         http://batayneh.me/invoice-with-bank-details-template/invoice-with-bank-details-template-blank-tax-luxury
Url                     1         https://www.fireeye.com/blog/threat-research/2011/01/the-dead-giveaways-of-vm-aware-malware.html
Url                     1         http://babaobadf.club/kera/kera3x.php
Url                     1         http://janawe.bid/ff/om2.exe
Windows Registry Key    3         HKLM\System\CurrentControlSet\Services\Disk\Enum
Windows Registry Key    3         HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion