General

  • Target

    60c691128b1bc40562404da05718b3e7.zip

  • Size

    297KB

  • Sample

    220924-fb83wsaeg9

  • MD5

    60c691128b1bc40562404da05718b3e7

  • SHA1

    69fdd51612e945229d828b7408adfaaa6830a9e7

  • SHA256

    0392b3c77ea02a9d0ab0a5802b0a8880989a1afd0a74cdbfe6bf540c92cfda1f

  • SHA512

    e51bdb4dad6a8530d4e8e687037a8c44018850ee7d7f260d6f97b12b080d38a686c37007e85fe033f39ffa98dc9421a1b5f2a3a25e03ffc3ef7f9825109b5125

  • SSDEEP

    6144:m7BZKv5J94Es+CSdw0MvzojSa7pC2smdl0TJuUn9D0ngfHCpggJhCje:md0i4dSv0jppCcaf9Zqpjue

Malware Config

Extracted

  • Family

    kutaki

  • C2

    http://newbosslink.xyz/baba/new4.php

Targets

    • Target

      JTF.exe

    • Size

      368KB

    • MD5

      9cb5c7e9ff6a1ebadffdf841e4b0c365

    • SHA1

      d84cd78c91fb38976dbcd2a215aa1c04683b0b86

    • SHA256

      2a912155052a824834d135b4d4e76d05287070c5141311b9a86e54ddbde13268

    • SHA512

      32cf5449200fae46a22196901dd2c25cd2da3c9611aaddbb589e49518b80f7a77d1371e76174b9868782fb6688a910006fafcfca0c92dbdf3aae1ae97fe83d69

    • SSDEEP

      6144:tL0Vwc4W4Es+CS/wUcvzUjSa5pK2mKdl0TruunfD09gfJChgGJhCj:tL0aB4/8vYjDpK8atfx8hDu

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks