kutaki | 24171c6024628fe1d18a50883ebc19dd86c42eb45aca2b402bd91dc5802c29e9 | Triage

Sharing

General

Target

5d686d1aa4048911d04e368c30a43c0d.bin
Size

2.1MB
Sample

230408-bz6v8abd28
MD5

5d686d1aa4048911d04e368c30a43c0d
SHA1

b7240ee3eba17d7575dfe2b9721c55ec2484ac38
SHA256

24171c6024628fe1d18a50883ebc19dd86c42eb45aca2b402bd91dc5802c29e9
SHA512

a5db7387318cdddbf583a68ec0ef493e7e19f187f4446a6b5fecd124577b219f2c07f61d6f06f6838647581d843e1ae2755cae05dcd320b390cbf768a5ce0eeb
SSDEEP

49152:DiLTPeVjFOwHxP1PC/jbtO0oMguZgTY4rRKXNZ4lmt/aY8h5:DiHgxxo/ftoMg+gcKKXNZ4lmt/aY8L

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Targets

- Target
  
  Payment_Copy.exe
- Size
  
  2.4MB
- MD5
  
  fe87505c13a6a986885193cb177d4607
- SHA1
  
  8d11c69147d8fce75c714d0f7de6a26415facda0
- SHA256
  
  a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845
- SHA512
  
  246854ff69ac1d6c6a734f8243c6a9b20ffd00265a00f5c1230db7ba2e73580af920fe8e8a0402c34da658bc8967b557a9be853bde9c4c1319e9c1a420a2a6fb
- SSDEEP
  
  49152:hlkWk5cS7a+9XYaQHZehc4mTYJ78V9gyBn4cbfmP/SA8N:3ajJ4Z942KQV9hp4UfmP/SA8
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

kutakikeyloggerstealer