General

  • Target

    4fe1bcae3a5814f061468b27d1eddfc1

  • Size

    1.1MB

  • Sample

    220616-ltxepsgch5

  • MD5

    4fe1bcae3a5814f061468b27d1eddfc1

  • SHA1

    af3842b249abe6deda5f48a57f3a970645c276b8

  • SHA256

    e66cc45671709e311df48ace6e471e9fdd7a6cef8711375cd7eedb428c3e0f67

  • SHA512

    1c88a8f7037b29d35d088b0b73b11136d134f99c020e24075e9e5004f0464f3cbf9a061a895726aac55e5d8f32f40a777b489b74fcbf8930032414a1ae7467ba

Targets

    • Target

      Tax Payment Challan.exe

    • Size

      3.7MB

    • MD5

      5f25cb32cb11c4e4983d85bf95aee8f1

    • SHA1

      cd7ec29d9a162ac4ffd453c2beafae52767a3739

    • SHA256

      99229a496b7b21bc5385bf85b68358418a5e3554740fa8ed14d355c5bc25997d

    • SHA512

      bd528327be04e93c074175cf415fdb75811d951eaf4fb752c1bc56cd843292ae8c10357a6b66745179d5007ad31867e83aeaa82b61f6165090e368a0c9332987

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL
