General

  • Target

    cac3951ffd1a0c8acb91c35524b9f7cc

  • Size

    1.1MB

  • Sample

    220616-ltvwwagch3

  • MD5

    cac3951ffd1a0c8acb91c35524b9f7cc

  • SHA1

    78b766a06e92fbc45568499bd5907c26c46023a1

  • SHA256

    67570553571b9f3ad18daca129d096966dbf327c2e900f1873c3a26adf4ea53f

  • SHA512

    a62852a1eba2375a3dbe3f9420ab0996925b430fd51e6fd61eb31c4c017a5ddb458d754bb7532e974c75334b31d917f2220778315d20f491b47ac1c3d9a66a9b

Malware Config

Targets

    • Target

      Tax Payment Challan.exe

    • Size

      3.7MB

    • MD5

      5f25cb32cb11c4e4983d85bf95aee8f1

    • SHA1

      cd7ec29d9a162ac4ffd453c2beafae52767a3739

    • SHA256

      99229a496b7b21bc5385bf85b68358418a5e3554740fa8ed14d355c5bc25997d

    • SHA512

      bd528327be04e93c074175cf415fdb75811d951eaf4fb752c1bc56cd843292ae8c10357a6b66745179d5007ad31867e83aeaa82b61f6165090e368a0c9332987

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks