General

  • Target: acd2337827d8684608826a1f60e4d552
  • Size: 458KB
  • Sample: 220830-xjfjzsfch3
  • MD5: acd2337827d8684608826a1f60e4d552
  • SHA1: 3014c19547c5c4c640eacb040e78e1304bd8a6d9
  • SHA256: 382d5c176d59f1da5470bc7f14b7a19364b05c33561c4e7267c190a93ca65176
  • SHA512: c092539df063b746a146d40f61057a23ec577222b7602af4af15957316fcabe75266510884b784a0fb05c1f899852dcc1f63e1333bfefb97c0ea4df1eb5a5ca6
  • SSDEEP: 12288:xuVJ6TczV/Nnug+DdBnoFFwLisDcd6p70MKcE:qnNuginoFFwLbMSE

Malware Config

Extracted

  • Family: kutaki
  • C2: http://newbosslink.xyz/baba/new4.php

Targets

    • Target: State Bank of India Payment.exe
    • Size: 536KB
    • MD5: b01906f5328bf8df68d9c0e5637ee050
    • SHA1: 9a83caa72c6c86d399acf1da16014a88654ee043
    • SHA256: b81ce1757e7d279ca226e752baa9422622119a49e8364866b91667301c74e589
    • SHA512: 969c1789142c9ad646c4232e8f46ebf0bae4d0f20ba25d4d30b32a0a263917a65584bc5f2eb4145ead0a80453f168ceae4c4a12078a43fdd2fa504239e2eb036
    • SSDEEP: 6144:1T1htGytvUf4yclQgx7+8DfpedxbKT3F9opcVyFW4Es+CS/wUcvzUjSa5pK2mKd4:TP+8DpFTvodFB4/8vYjDpK8atfx8hDu

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks