General

  • Target

    Challan.exe

  • Size

    593KB

  • Sample

    230208-kl1ayshg85

  • MD5

    ba62a3fe1ef370a7efd7abe232c71619

  • SHA1

    ca160ffe9550aa4c14c37522dade8aafa50a42b3

  • SHA256

    5e68db0fc4ba7e505cb1d59e9db3c1c09ab83d0d5f1d2e28e0446ee8c6fa3081

  • SHA512

    237d2cf167d92e5840651c19f067ffd0140dec6f6c511f704f520c8a262908d96a4b60eaa57736342490dd79b99d51146d156cba01e8768acd2f478f9c4bb8f0

  • SSDEEP

    12288:5AM0xGDBOY+OxjAfwq46A9jmP/uhu/yMS08CkntxYRWL:5z0xGDBOYXQwVfmP/UDMS08Ckn3R

Malware Config

Extracted

Family

kutaki

C2

http://newbosslink.xyz/baba/new4.php

Targets

    • Target

      Challan.exe

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the payload runs on this machine.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
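The indicators above (the C2 URL and the file hashes) are what an analyst actually takes away from this report. The following hunting helper is an added example written for this page; it is not sandbox output and not code from the Kutaki sample. It assumes a constructed proxy log format of timestamp, client IP, method and URL; the log lines and the candidate file bytes it checks are made up.

```python
"""Hunting helper built from the indicators in the report above.

Added example, not part of the sandbox report or the Kutaki sample.
Assumptions: proxy log lines in a constructed 'timestamp client method url'
format; candidate files are supplied as bytes.  Standard library only.
"""
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above.
C2_URL = "http://newbosslink.xyz/baba/new4.php"
SAMPLE_HASHES = {
    "md5": "ba62a3fe1ef370a7efd7abe232c71619",
    "sha1": "ca160ffe9550aa4c14c37522dade8aafa50a42b3",
    "sha256": "5e68db0fc4ba7e505cb1d59e9db3c1c09ab83d0d5f1d2e28e0446ee8c6fa3081",
}


def c2_indicators(url: str) -> dict:
    """Split the C2 URL into the pieces different log sources expose:
    DNS sees only the host, a proxy sees host and path, a flow log sees
    host and port."""
    p = urlparse(url)
    return {
        "host": p.hostname,
        "port": p.port or (443 if p.scheme == "https" else 80),
        "path": p.path,
        "url": url,
    }


def hunt_proxy_log(lines, ioc: dict):
    """Return (line_no, reason) for lines that touch the C2.

    An exact URL match is the beacon from the report; a host-only match
    (including subdomains) catches other paths on the same C2 server."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it instead of aborting the hunt
        url = parts[3]
        host = urlparse(url).hostname
        if host is None:
            continue
        if url == ioc["url"]:
            hits.append((n, "exact C2 URL"))
        elif host == ioc["host"] or host.endswith("." + ioc["host"]):
            hits.append((n, "C2 host"))
    return hits


def hash_candidate(data: bytes) -> dict:
    """Compute the same three digests the report lists for a candidate file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """Match on SHA-256 only; MD5 and SHA-1 are collision-prone and are kept
    just for cross-referencing feeds that still index on them."""
    return hash_candidate(data)["sha256"] == SAMPLE_HASHES["sha256"]


# Constructed proxy log lines (not real traffic) covering the three outcomes:
# unrelated host, the exact beacon URL, and a subdomain of the C2 host.
PROXY_LOG = [
    "2023-02-08T10:01:02 10.0.0.5 GET http://www.example.com/index.html",
    "2023-02-08T10:01:09 10.0.0.5 POST http://newbosslink.xyz/baba/new4.php",
    "2023-02-08T10:03:11 10.0.0.7 GET http://cdn.newbosslink.xyz/x.bin",
    "garbage line",
]

if __name__ == "__main__":
    ioc = c2_indicators(C2_URL)
    for n, why in hunt_proxy_log(PROXY_LOG, ioc):
        print(f"line {n}: {why}: {PROXY_LOG[n - 1]}")
    print("constructed bytes match the sample:", matches_sample(b"not the sample"))
```

Block the host, not just the full URL: the report only shows one path on newbosslink.xyz, and a host-level match on proxy or DNS logs is what will catch a beacon to a different path or a later variant of the config.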
