General

  • Target: 6272b9a1d4e9582210bb1ae270363dfa.zip
  • Size: 373KB
  • Sample: 221212-g8xlssag42
  • MD5: 6272b9a1d4e9582210bb1ae270363dfa
  • SHA1: 2fbf3a375b3a00fd03f2b23d46b4a78233893df4
  • SHA256: b6f0ba05cacbf16b6bf1c0366126556a3763121e14621e12ff7788a11bb5d44c
  • SHA512: e3e73a8fa78add83d320a7397c6ed1cddd496e76cb485c2625977912c3407c766fa4e3fcb3786430e2d8fc3c444009a475ef6490c7f334ba225b03f8b53a9e65
  • SSDEEP: 6144:qZs2OyrE+vK40hxr56x184GlA9jOHX/VCSC3hwjlMhkcuBQMS4y+lq4HTonq9ybn:Cs2rE+H0fL40A9jO3/Uh6R2MS48wknx7

Malware Config

Extracted

Family: kutaki

C2: http://newbosslink.xyz/baba/new4.php

Targets

    • Target: Recipt.exe
    • Size: 629KB
    • MD5: 64b06d9408f8681bce5821db705273ce
    • SHA1: 52b1e9f9859a64f71f28fd83c8fe62aa60352589
    • SHA256: 5152a2dee24714603552cf873e34a12b8822df103336e8f0e1da5379720c7348
    • SHA512: 7ec1ad8d8b02d0b9c0fbd63317211288d71123e3c5c9f2df646ad5b5a8f0cf8006ee357ff288ea793981fbde141126ec18fb44786b5d6bda62b0309b9fce84ce
    • SSDEEP: 12288:UiwaCECK5cldtdlEqDPylAwn46A9jmP/uhu/yMS08CkntxYRyL:ZCED5cldtdPDgAw4fmP/UDMS08Ckn35

    • Kutaki
      Information stealer and keylogger that hides inside legitimate Visual Basic applications.
    • Kutaki Executable
    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely as a geofence check.
    • Drops startup file
    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks