kutaki | 86fc1f2dabb60a5c5a30d63d8508240074809554e0630f1d6bed457e3f02e80a | Triage

Submit
Reports

Overview

overview

Static

static

INCOMETAX_RECEIPT.exe

windows7-x64

INCOMETAX_RECEIPT.exe

windows10-2004-x64

1

Sharing

General

Target

INCOMETAX_RECEIPT.exe
Size

1.0MB
Sample

230207-k3armaaf82
MD5

3983e3e2ea37719a50665ac70316a53d
SHA1

029aaed996072a601fae913597f20c976bc2a452
SHA256

86fc1f2dabb60a5c5a30d63d8508240074809554e0630f1d6bed457e3f02e80a
SHA512

afc55b36136dc5028991adc08d82837476d2d3e5f1976b740445d874ba5bf51fb425e7ff85035e5268d2d270b48d109586086ab202174881d430ffa8a20bc113
SSDEEP

24576:XvPS/SnugUM+4Zt5l1fmP/UDMS08Ckn31E:XvPEwug1jfmP/SA8NlE

Score

10^/10

kutaki keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

INCOMETAX_RECEIPT.exe

Resource

win7-20220812-en

kutaki keylogger stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

INCOMETAX_RECEIPT.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://newloshree.xyz/work/son.php

Targets

- Target
  
  INCOMETAX_RECEIPT.exe
- Size
  
  1.0MB
- MD5
  
  3983e3e2ea37719a50665ac70316a53d
- SHA1
  
  029aaed996072a601fae913597f20c976bc2a452
- SHA256
  
  86fc1f2dabb60a5c5a30d63d8508240074809554e0630f1d6bed457e3f02e80a
- SHA512
  
  afc55b36136dc5028991adc08d82837476d2d3e5f1976b740445d874ba5bf51fb425e7ff85035e5268d2d270b48d109586086ab202174881d430ffa8a20bc113
- SSDEEP
  
  24576:XvPS/SnugUM+4Zt5l1fmP/UDMS08Ckn31E:XvPEwug1jfmP/SA8NlE
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

© 2018-2025

Terms | Privacy