General

  • Target

    b304a8703c9dbee03a488a8f35d333b1

  • Size

    457KB

  • Sample

    220914-nvgfzsabd3

  • MD5

    b304a8703c9dbee03a488a8f35d333b1

  • SHA1

    ef13da90824763385c4b005c7afc8bcd8f739e1b

  • SHA256

    551139fbf090ebe790659819d4dce1b9f9294ccf547a86e672ba1b7477c07ad1

  • SHA512

    1caf598a3e5dcdc98566f27a722727003abe07cceb69f6e963fec8583b4885612c156b761d5e5abf522e27df25da7266092747102d912a2fe367ea57e1330a47

  • SSDEEP

    12288:OsMYVXxY/jOazvHMUXjoxDxpVulwZwQnd7Rgld5W:OUkzyxDMln6ZSlu

Malware Config

Extracted

Family

kutaki

C2

http://newbosslink.xyz/baba/new4.php

Targets

    • Target

      Payment Confirmation Invoice.exe

    • Size

      408KB

    • MD5

      226bea0278f6534c83992d1ceac1c211

    • SHA1

      b1a3df7bedbb45b0a2df9e575293d795996da01a

    • SHA256

      29b194f5409b24a2bdf4b74f35e13a73e7e133dab36339f7b2cc9a0e4f007e17

    • SHA512

      e889315f6609ace41811e0f7379cccb802b0ed3012337f9653241b3a0bdaf9b9bf523b9134b2e373d9117118fef68565c1a5e7eb57ddb53c2656277f2957277e

    • SSDEEP

      6144:ax9Xwhm7c/n10V7cMW4Es+CS/wUcvzUjSa5pK2mKdl0TruunfD09gfJChgGJhCj:abXwhm7a1gB4/8vYjDpK8atfx8hDu

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks