General

  • Target

    INCOMETAXRECEIPT.zip

  • Size

    377KB

  • Sample

    230123-rynagsdf83

  • MD5

    ffa94a4de6d68ccb174ecf21384c9c82

  • SHA1

    ba5e2d7218d82a79ae5bd32769c2ce636face5fc

  • SHA256

    b0688856d6ee53fd61f3984209f13a9c0f4b73623ca8bfabd7e3af219d0e106c

  • SHA512

    df3c7bd85670ac9fe6a160d705d40ec48a646fc3351063001401ad3612e46ba1d6912e228708a87b0df8149255490d13bff2af431f5e0e5ba803a672226fb013

  • SSDEEP

    6144:m69Jj4jMavrARev4Q1S4GNA9jmH5/VCSY3hwtlMbk8u1QMSKy+lqiHTonqryHREr:m69N4BvWn4cA9jmZ/uhINyMSK8CknZHs

Malware Config

Extracted

  • Family

    kutaki

  • C2

    http://newloshree.xyz/work/son.php

Targets

    • Target

      INCOMETAXRECEIPT.exe

    • Size

      653KB

    • MD5

      6f3fcb3b525cf096486c2aff329f8af6

    • SHA1

      b80c6c5e17f0b9b56272d6e436edbdc8de2c3653

    • SHA256

      de300e36aae81150d371e25a5e8c352b477a12e9d63b1bc6933a99e2d6e8739f

    • SHA512

      445cbc3ed31d68f716bb1088007794bd8450feed3549ef1d4108631a3de00b580b03b917e0f470e2372db4b803dae51c88429e2797289c2bc6542c78ddcc1268

    • SSDEEP

      12288:n40h1YJpgHHphE/46A9jmP/uhu/yMS08CkntxYREL:nhDYJpgHtfmP/UDMS08Ckn3v

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL
