kutaki | a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845 | Triage

Sharing

General

Target

a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845.exe
Size

2.4MB
Sample

230514-lz4e7sdh31
MD5

fe87505c13a6a986885193cb177d4607
SHA1

8d11c69147d8fce75c714d0f7de6a26415facda0
SHA256

a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845
SHA512

246854ff69ac1d6c6a734f8243c6a9b20ffd00265a00f5c1230db7ba2e73580af920fe8e8a0402c34da658bc8967b557a9be853bde9c4c1319e9c1a420a2a6fb
SSDEEP

49152:hlkWk5cS7a+9XYaQHZehc4mTYJ78V9gyBn4cbfmP/SA8N:3ajJ4Z942KQV9hp4UfmP/SA8

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Targets

- Target
  
  a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845.exe
- Size
  
  2.4MB
- MD5
  
  fe87505c13a6a986885193cb177d4607
- SHA1
  
  8d11c69147d8fce75c714d0f7de6a26415facda0
- SHA256
  
  a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845
- SHA512
  
  246854ff69ac1d6c6a734f8243c6a9b20ffd00265a00f5c1230db7ba2e73580af920fe8e8a0402c34da658bc8967b557a9be853bde9c4c1319e9c1a420a2a6fb
- SSDEEP
  
  49152:hlkWk5cS7a+9XYaQHZehc4mTYJ78V9gyBn4cbfmP/SA8N:3ajJ4Z942KQV9hp4UfmP/SA8
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

kutakikeyloggerstealer