General

  • Target: TAX Payment Challan.zip
  • Size: 453KB
  • Sample: 220326-p4s2tahdfl
  • MD5: e44f6161e0050ebf3b546f69d45953a9
  • SHA1: 4f8daff3ba23345850e612fae573cc6678da13e9
  • SHA256: fe678d978d570126471ce098591d3f7804c80c69e28de408d641ded39615c262
  • SHA512: 8e734e4dec60ef70fff997780562571c402b9422693fdd0dcda963e90ac6b93b44a59a2cb98bdafa999a3882182daabd5a8dd03dbc9005e9a6521330cdce5eec

Malware Config

Targets

    • Target: TAX Payment Challan.exe
    • Size: 992KB
    • MD5: 5a4e40ea4fdcdce0320c09d3c2090120
    • SHA1: 8ca59d7b1136ae7fe1014e4b50a3884d679a0ac4
    • SHA256: 15b20e9cbdcbd53dfc20f1b38cc9a7883b78aa36a9f9a69d390af392ee2b3798
    • SHA512: a58b3f2f6ba68cf47efc6f9c5247afdac6d4f8ab269cb80348c5750c8eb63e337a4be1e7dfad3d2e011df64517acb418676c14659f0c6b81ad336c5dc7757415
    • Kutaki: Information stealer and keylogger that hides inside legitimate Visual Basic applications.
    • Kutaki Executable
    • Executes dropped EXE
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
    • Drops startup file
    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks