Overview

overview

10

Static

static

10

SecuriteIn...53.exe

windows7-x64

10

SecuriteIn...53.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2022, 02:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.GenericKD.61120451.25553.exe

  • Size

    2.6MB

  • MD5

    70e966394bf9947ff01b681bab9d0f71

  • SHA1

    53946411e4e975a9ed354b16cd22041108e9f596

  • SHA256

    c7e3deb446233da1eb6c6df66913065773d510a21750a9ea675b69be46ab245a

  • SHA512

    a71a0b9b265b3c31c01305b121b386b8beb14cb6f670df4cbdad3d2fb7a3b3c508b25b48b253cba4c9aacde77e47fc32481fdc4cfc9221af83ea90ab7a6fc200

Score
10/10
kutakikeyloggerstealer

Malware Config

Extracted

Family

kutaki

C2

http://ojorobia.club/laptop/laptop.php

http://terebinnahicc.club/sec/kool.txt

Signatures

  • Kutaki

    Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    stealerkeyloggerkutaki
  • Kutaki Executable 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops startup file 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.61120451.25553.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.61120451.25553.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
        PID:1048
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\szdxunch.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\szdxunch.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2008

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\szdxunch.exe
      Filesize

      2.6MB

      MD5

      70e966394bf9947ff01b681bab9d0f71

      SHA1

      53946411e4e975a9ed354b16cd22041108e9f596

      SHA256

      c7e3deb446233da1eb6c6df66913065773d510a21750a9ea675b69be46ab245a

      SHA512

      a71a0b9b265b3c31c01305b121b386b8beb14cb6f670df4cbdad3d2fb7a3b3c508b25b48b253cba4c9aacde77e47fc32481fdc4cfc9221af83ea90ab7a6fc200

      Download Submit

    • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\szdxunch.exe
      Filesize

      2.6MB

      MD5

      70e966394bf9947ff01b681bab9d0f71

      SHA1

      53946411e4e975a9ed354b16cd22041108e9f596

      SHA256

      c7e3deb446233da1eb6c6df66913065773d510a21750a9ea675b69be46ab245a

      SHA512

      a71a0b9b265b3c31c01305b121b386b8beb14cb6f670df4cbdad3d2fb7a3b3c508b25b48b253cba4c9aacde77e47fc32481fdc4cfc9221af83ea90ab7a6fc200

      Download Submit

    • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\szdxunch.exe
      Filesize

      2.6MB

      MD5

      70e966394bf9947ff01b681bab9d0f71

      SHA1

      53946411e4e975a9ed354b16cd22041108e9f596

      SHA256

      c7e3deb446233da1eb6c6df66913065773d510a21750a9ea675b69be46ab245a

      SHA512

      a71a0b9b265b3c31c01305b121b386b8beb14cb6f670df4cbdad3d2fb7a3b3c508b25b48b253cba4c9aacde77e47fc32481fdc4cfc9221af83ea90ab7a6fc200

      Download Submit

    • memory/1864-56-0x0000000076C01000-0x0000000076C03000-memory.dmp

      Filesize

      8KB

      Download