General

  • Target

    TSD.zip

  • Size

    394KB

  • Sample

    230605-mj2gcafh86

  • MD5

    633732566fb46888cd2430ccf3517c1d

  • SHA1

    1f8703997f4a2db457bbfe022e678f222ec86704

  • SHA256

    20388de158b5abaa0ae68b849318ed2132a87e0526ba07ebd163dd176f76f136

  • SHA512

    503797956212ca0b011a07e95d1dfeb315367d7f735c37a5e572654dd294980a88556a5e9708c44cfba36033697ace8b6aaaf860bd96d713613ec3cd00c62918

  • SSDEEP

    12288:PRZN2w3LDilmyd4gA9j0D/Khm90MSc8IknnTCR:5ZN2w3LDikyWt0D/YVMSc8Ikn0

Malware Config

Extracted

  • Family

    kutaki

  • C2

    http://linkwotowoto.club/new/two.php

Targets

    • Target

      TSD.exe

    • Size

      649KB

    • MD5

      2574234ccd8503284e9d4d910e39e132

    • SHA1

      aa7943ef2c8979d4daf653b056649a5dff0718c0

    • SHA256

      8be47965011a00d57e60ab3b16c89fabb9cfc3b4e9330044853711fa4166617c

    • SHA512

      e9ac30e44040e375f1394a2b8ab8a8c113b1e94119d328e2730e85c1b5a2bf3ac731f91dc68eca4cae8722109b04193f228fc0433e40bc57fadc6fc78ecdcbe7

    • SSDEEP

      12288:B6UaeOpx41/an46A9jmP/uhu/yMS08CkntxYRML:kLeza4fmP/UDMS08Ckn3z

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks