kutaki | c540c69985914bd3e5f0fda62e55dde2bbea52c94305f305092fda4fa954c5b3 | Triage

Submit
Reports

Overview

overview

Static

static

HDFC Payme...pt.exe

windows7-x64

HDFC Payme...pt.exe

windows10-2004-x64

Sharing

General

Target

74beaca14604870fb4ffd8b962643f05
Size

458KB
Sample

220830-xjl2rsfch4
MD5

74beaca14604870fb4ffd8b962643f05
SHA1

d9447dd00c6f35d84fd28596f201ab4ef35a53fb
SHA256

c540c69985914bd3e5f0fda62e55dde2bbea52c94305f305092fda4fa954c5b3
SHA512

f51c3a47cccefff55db3cdf0f29a10299170ab9af6ead89e9517b4dbb2310c6c884c6ef796a646b4523e2cc045f930d9be25ff192c3b86ad75c15d5340eab50c
SSDEEP

12288:HZdjGfLP9JveGPziXlxnQDsrYcuM74FC9siEF:59GZJ2CzCnQDsrYCglF

Score

10^/10

kutaki keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

HDFC Payment Receipt.exe

Resource

win7-20220812-en

kutaki keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

HDFC Payment Receipt.exe

Resource

win10v2004-20220812-en

kutaki keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://newbosslink.xyz/baba/new4.php

Targets

- Target
  
  HDFC Payment Receipt.exe
- Size
  
  536KB
- MD5
  
  2a189ba5e989daca58342a7dd038b142
- SHA1
  
  abbaecc7acad08d1163a452cb56aa1d71c3582f8
- SHA256
  
  5587ae6cef689c180254ba9d455eb62c171c4bbb20f82af7450ea2eeff4eac1e
- SHA512
  
  f22d03a70d3177096acb5f62f9f6949df2478cb7d2dea40fc2057b6f8ebf8bc28320f23e1c9a4edd92753baa989cea7d19482582a6d5878d3e9815c0ab800baa
- SSDEEP
  
  6144:NT1htGytvUf4yclQgx7+8DfpedxbKT3F9opcVyUW4Es+CS/wUcvzUjSa5pK2mKd4:7P+8DpFTvodUB4/8vYjDpK8atfx8hDu
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

kutakikeyloggerstealer

© 2018-2025

Terms | Privacy