Overview

overview

10

Static

static

10

Tax Paymen...an.exe

windows7-x64

10

Tax Paymen...an.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af0d6784c97c27046e8801283e7fba16592683f780ae03d8971ae67eeeae8f02

  • Size

    333KB

  • Sample

    221204-q8d9wsec95

  • MD5

    0261c6a73030a063de8c43cfb6b813f2

  • SHA1

    37ff4a8b94fc7e19785835a88b4b1a937ea38781

  • SHA256

    af0d6784c97c27046e8801283e7fba16592683f780ae03d8971ae67eeeae8f02

  • SHA512

    b411204b4194470eba00ef225d6a4b71e01ac3b094d7ac11bbca7272f447c477dfcdd1da9537f8f87bf6eb5a2b2a839c58bbcdb9ea436be8df3e48f838e337a1

  • SSDEEP

    6144:+KvN2RpPU3F71tQsR1EW6VVNvkDlSOcwhxswQhgYwjnsFaSS8uX/MSPnz0r:+KQH071PTyNwlSpwhYUs9ZmMSgr

Score
10/10
kutakikeyloggerstealer

Malware Config

Targets

    • Target

      Tax Payment Challan.exe

    • Size

      603KB

    • MD5

      1299315c3032491208ef04f8674aa5fa

    • SHA1

      f320997f6f3479ef392be9f35e1f5b600f9f42f1

    • SHA256

      11724aa717338d3fa58fc1c6d92cdf9b64ca986b0e2f6cde1a5d795d6277fc4c

    • SHA512

      41025d5293d43d630c932d1b186c75c793cf9430222a90e02c719c2b5a436715c3298626ef1c1567f92a42e468f8abb5c053e44c38d339b1e75c5b329ed8474a

    • SSDEEP

      6144:BHmz3+U3iFSMYN5Exf2o9LnIH8iN/wfGB4Dosj1E+6VVPviDlSOcwhxAwOhgYwj7:9rtZmXN4zJpGPqlSpwhm4s5bsGSCs5

    Score
    10/10
    kutakikeyloggerstealer

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

      stealerkeyloggerkutaki

    • Kutaki Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks