Extracted

• • Target

    Payment Confirmation Invoice.exe

  • Size

    408KB

  • MD5

    226bea0278f6534c83992d1ceac1c211

  • SHA1

    b1a3df7bedbb45b0a2df9e575293d795996da01a

  • SHA256

    29b194f5409b24a2bdf4b74f35e13a73e7e133dab36339f7b2cc9a0e4f007e17

  • SHA512

    e889315f6609ace41811e0f7379cccb802b0ed3012337f9653241b3a0bdaf9b9bf523b9134b2e373d9117118fef68565c1a5e7eb57ddb53c2656277f2957277e

  • SSDEEP

    6144:ax9Xwhm7c/n10V7cMW4Es+CS/wUcvzUjSa5pK2mKdl0TruunfD09gfJChgGJhCj:abXwhm7a1gB4/8vYjDpK8atfx8hDu

  Score

  10^/10

  kutakikeyloggerstealer

  • Kutaki

    Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    stealerkeyloggerkutaki

  • Kutaki Executable

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  behavioral1behavioral2