kutaki | 03e067b68230dd9da8e74c905e862dd1f7c094a35606405d4e426f8ba02981bc | Triage

Submit
Reports

Overview

overview

Static

static

Payment_Receipt.exe

windows7-x64

Payment_Receipt.exe

windows10-2004-x64

Sharing

General

Target

Payment_Receipt.zip
Size

422KB
Sample

230630-pp8tqabd95
MD5

c673b09e0527528bbd30c5d03b7af463
SHA1

48e5b652d16a4eddb07ae119638a504ba477a486
SHA256

03e067b68230dd9da8e74c905e862dd1f7c094a35606405d4e426f8ba02981bc
SHA512

2b64a045aa3812515c183b07b8b7f171bdde94e79e9cc13cccce0713c836edd8ebef958ed232ddb6d191fa022115df2eb8790b2ff9bc6cc928c5deddcb3b2701
SSDEEP

12288:pokf0ngJ6K36HBx04cA9jmd/uhoVyM+08CknJTYR8:pSK6o6HBtJmd/UZM+08CknpJ

Score

10^/10

kutaki keylogger stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Payment_Receipt.exe

Resource

win7-20230621-en

kutaki keylogger stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment_Receipt.exe

Resource

win10v2004-20230621-en

kutaki keylogger stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://newloshree.xyz/work/son.php

Targets

- Target
  
  Payment_Receipt.exe
- Size
  
  812KB
- MD5
  
  fad8c7f1f023b519a8bc97f44c845f1b
- SHA1
  
  e305349bd0dda9732aaab10499153d6e80ce11bc
- SHA256
  
  c056c58e3d32716447e27dbe38e784b685203dededddf1253ba4051d0a7a174a
- SHA512
  
  ff1a302e99ad89f01c805517085fd76291ee594edc0e9e9c3980cd47dbf1c2429016b11df3b7621eb96da914809b2bb47e5291ec3cd2894f43ff116f9ce39fb3
- SSDEEP
  
  12288:jw/h2mDPAtjj4cv6aiUoIxbU546A9jmP/uhu/yMS08CkntxYRK:EPmjj4cZfmP/UDMS08Ckn3n
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

kutakikeyloggerstealer

© 2018-2024

Terms | Privacy