kutaki | 2be2263de3ddb86a18bc0adb5a00c85a1cea207ea41cdb770a12b29336a115ea | Triage

Submit
Reports

Overview

overview

Static

static

HDFC Tax P...on.exe

windows7-x64

HDFC Tax P...on.exe

windows10-2004-x64

Sharing

General

Target

834753e33e4fcc6a591ac20fea78d498.zip
Size

347KB
Sample

220920-lzglfacfa7
MD5

834753e33e4fcc6a591ac20fea78d498
SHA1

d57c36b7c583f1250b94a6b8920de82dbf96b82a
SHA256

2be2263de3ddb86a18bc0adb5a00c85a1cea207ea41cdb770a12b29336a115ea
SHA512

e8c5d65be5a6d861645e6fe53a22f7f0c8cb2ce8cdd76a1ffc7b7a6c306f737b7494fe1f1cdd04ff56811c6049ecd7b8bb9ca520f12313bb25516f38c4c16a7a
SSDEEP

6144:1xTcVAq+d0lH8hx74Es+CSfwOCvzMjSa7pKu6sdl0T7u+ntD0pgfNC3gGT+S:1xTcO32OhG4fyvojJpKYazt/o3fN

Score

10^/10

kutaki keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

HDFC Tax Payment Confirmation.exe

Resource

win7-20220812-en

kutaki keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

HDFC Tax Payment Confirmation.exe

Resource

win10v2004-20220812-en

kutaki keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://newbosslink.xyz/baba/new4.php

Targets

- Target
  
  HDFC Tax Payment Confirmation.exe
- Size
  
  544KB
- MD5
  
  4d99bb4a8d588039573908a4cb9c1f5d
- SHA1
  
  15feba0a4ad53bdb7135fd58de01dee088301646
- SHA256
  
  b515657198d14112d9fd991fc5147cb8ca68050bf948669548e4d7998f76e9b6
- SHA512
  
  1884646b44413a603c8ca2ce186d04e32456c693676e1949f38bcae21732c0428aeef412ac6202a199f7ab4a48c2cbde923ae4ea9917fb289aa9aee1b8ea9cda
- SSDEEP
  
  6144:M8ylUOltoMFD95ad/gvlfZPFHrbl3wL0n9/G0GM5JLMKRMWBXd+tPdvcW4Es+CSE:j2YcJmW/+bcB4/8vYjDpK8atfx8hDu
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

kutakikeyloggerstealer

© 2018-2025

Terms | Privacy