kutaki | 9a1d08a5e847f6faf3abdbbf95388055757c544c5b792be39463b94417d9ea69 | Triage

Submit
Reports

Overview

overview

Static

static

jmt.exe

windows7-x64

jmt.exe

windows10-2004-x64

Sharing

General

Target

jmt.exe
Size

629KB
Sample

221208-k1wlbahe22
MD5

79203689b5f7811d9215a51c7d8ca106
SHA1

97137de64f6d4f8e7d2ae769024ee4053bb3058e
SHA256

9a1d08a5e847f6faf3abdbbf95388055757c544c5b792be39463b94417d9ea69
SHA512

fe697e799f618dd45cd7e5d30dae3fa296303c337d1087b3a34adcc9a1b8282bd1c4d45256cbfb56d14f309464d6fc0040ebb9961e9779b890ef1748c032dcba
SSDEEP

12288:diwaCECK5cldtdlEqDPylAwl46A9jmP/uhu/yMS08CkntxYRvL:qCED5cldtdPDgAw+fmP/UDMS08Ckn32

Score

10^/10

kutaki keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

jmt.exe

Resource

win7-20221111-en

kutaki keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

jmt.exe

Resource

win10v2004-20220812-en

kutaki keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://newbosslink.xyz/baba/new4.php

Targets

- Target
  
  jmt.exe
- Size
  
  629KB
- MD5
  
  79203689b5f7811d9215a51c7d8ca106
- SHA1
  
  97137de64f6d4f8e7d2ae769024ee4053bb3058e
- SHA256
  
  9a1d08a5e847f6faf3abdbbf95388055757c544c5b792be39463b94417d9ea69
- SHA512
  
  fe697e799f618dd45cd7e5d30dae3fa296303c337d1087b3a34adcc9a1b8282bd1c4d45256cbfb56d14f309464d6fc0040ebb9961e9779b890ef1748c032dcba
- SSDEEP
  
  12288:diwaCECK5cldtdlEqDPylAwl46A9jmP/uhu/yMS08CkntxYRvL:qCED5cldtdPDgAw+fmP/UDMS08Ckn32
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

kutakikeyloggerstealer

© 2018-2025

Terms | Privacy