General

  • Target

    4710472a59fc98d7368b3aa1b719f024.exe

  • Size

    453KB

  • Sample

    230125-yhhtdsbh41

  • MD5

    4710472a59fc98d7368b3aa1b719f024

  • SHA1

    f37094d763df983afce0ab20b49cc4afda0abedc

  • SHA256

    2c72daa02805c43f5a35ebca409ad1ddcad3c4b244a9a0579d529b722fea9e6a

  • SHA512

    ea798060fdc5368815b8cfa68892b6799dedae3354fe6bf8712a1c26b6c7281ea29bef50b2a63ef1d9eaa1dc517842059060eef60a58bc0aa025b9d0caa60ebb

  • SSDEEP

    12288:8U4Tisi646A9jmP/uhu/yMS08CkntxYR/L:rDsufmP/UDMS08Ckn3C

Malware Config

Extracted

Family

kutaki

C2

http://newbosslink.xyz/baba/new4.php
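The hashes and C2 URL above are the indicators a responder would actually pivot on. The script below is an added example (not part of this report or of the sandbox's own tooling) that turns them into two checks: a one-pass multi-digest of a suspect file compared against the report's values, and a scan of proxy log lines for traffic to the C2 host. The proxy log format (timestamp, client IP, method, URL, status) and the log lines themselves are constructed for illustration; a real deployment would read the organisation's own log format.

```python
"""Match a suspect file and proxy logs against the IOCs in this Kutaki report.

Added example, not code from the report or the sandbox. The proxy log format and
the sample lines in SAMPLE_LOG are constructed for illustration.
"""
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "4710472a59fc98d7368b3aa1b719f024",
    "sha1": "f37094d763df983afce0ab20b49cc4afda0abedc",
    "sha256": "2c72daa02805c43f5a35ebca409ad1ddcad3c4b244a9a0579d529b722fea9e6a",
    "sha512": "ea798060fdc5368815b8cfa68892b6799dedae3354fe6bf8712a1c26b6c7281e"
              "a29bef50b2a63ef1d9eaa1dc517842059060eef60a58bc0aa025b9d0caa60ebb",
}
C2_URL = "http://newbosslink.xyz/baba/new4.php"


def digest_bytes(data):
    """Compute md5/sha1/sha256/sha512 of an in-memory buffer in one pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Same as digest_bytes, but streamed so large files are not read into memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests):
    """Return the algorithms whose digest equals the report's value (case-insensitive)."""
    return sorted(n for n, v in digests.items()
                  if n in REPORT_HASHES and v.lower() == REPORT_HASHES[n])


def c2_indicators(url=C2_URL):
    """Split the C2 URL into the host and path a log rule should match on."""
    p = urlparse(url)
    return {"host": p.hostname, "path": p.path}


def scan_proxy_log(lines, url=C2_URL):
    """Flag log lines whose URL host equals the C2 host.

    Constructed line format: <timestamp> <client_ip> <method> <url> <status>.
    The host is compared as a whole, not as a substring, so lookalike domains such
    as notnewbosslink.xyz do not match. A path match raises confidence to 'high'.
    """
    ind = c2_indicators(url)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip rather than crash the scan
        p = urlparse(fields[3])
        if p.hostname and p.hostname.lower() == ind["host"]:
            confidence = "high" if p.path == ind["path"] else "medium"
            hits.append((fields[1], fields[3], confidence))
    return hits


# Constructed proxy log lines: one exact C2 hit, one same-host different-path hit,
# one benign line and one lookalike domain that must not match.
SAMPLE_LOG = [
    "2023-01-25T10:14:02Z 10.0.0.15 GET http://newbosslink.xyz/baba/new4.php 200",
    "2023-01-25T10:14:05Z 10.0.0.15 GET https://www.example.com/index.html 200",
    "2023-01-25T10:15:11Z 10.0.0.22 POST http://NEWBOSSLINK.xyz/baba/other.php 404",
    "2023-01-25T10:16:00Z 10.0.0.30 GET http://notnewbosslink.xyz/baba/new4.php 200",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "matches:", matches_report(digest_file(path)) or "none")
    for client, url, confidence in scan_proxy_log(SAMPLE_LOG):
        print(f"{confidence:6} {client} -> {url}")
```

Run it with one or more file paths to compare their digests against the report; with no arguments it only scans the constructed log lines. Matching on the parsed hostname rather than grepping for the string is deliberate: a substring search would also fire on the lookalike domain in the last sample line.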

Targets

    • Target

      4710472a59fc98d7368b3aa1b719f024.exe

    • Size

      453KB

    • MD5

      4710472a59fc98d7368b3aa1b719f024

    • SHA1

      f37094d763df983afce0ab20b49cc4afda0abedc

    • SHA256

      2c72daa02805c43f5a35ebca409ad1ddcad3c4b244a9a0579d529b722fea9e6a

    • SHA512

      ea798060fdc5368815b8cfa68892b6799dedae3354fe6bf8712a1c26b6c7281ea29bef50b2a63ef1d9eaa1dc517842059060eef60a58bc0aa025b9d0caa60ebb

    • SSDEEP

      12288:8U4Tisi646A9jmP/uhu/yMS08CkntxYR/L:rDsufmP/UDMS08Ckn3C

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the sample can avoid running in certain regions.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6
