kutaki | 976a7fefb48c81afeaf9255f02201d65a353035b9bed7c8667de7df8b44b1421 | Triage

Sharing

General

Target

GETTING UP.zip
Size

2.1MB
Sample

230710-fc382agg22
MD5

6cac1435c08e380a10e3dae5f9d7655f
SHA1

e88b5d7e076aed33d9f32257335b64694a7e84be
SHA256

976a7fefb48c81afeaf9255f02201d65a353035b9bed7c8667de7df8b44b1421
SHA512

577ae318875e63d85f0e3d7e97337a5c32438754cd1dacf68dbe3df0ae0bacd3b35be31e4a56c99014656a5bc40e67c54efddfb3410190339fe445800f129def
SSDEEP

49152:smOkBN7cOL80efs2t6SbQHd5U0nzbOEkTV+E91RrjKDOnSULhqJmR/IK8RN:s3k3QC85sm9GzbOEu3XqDOnSULAJmR/y

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Targets

- Target
  
  GETTING UP.zip
- Size
  
  2.1MB
- MD5
  
  6cac1435c08e380a10e3dae5f9d7655f
- SHA1
  
  e88b5d7e076aed33d9f32257335b64694a7e84be
- SHA256
  
  976a7fefb48c81afeaf9255f02201d65a353035b9bed7c8667de7df8b44b1421
- SHA512
  
  577ae318875e63d85f0e3d7e97337a5c32438754cd1dacf68dbe3df0ae0bacd3b35be31e4a56c99014656a5bc40e67c54efddfb3410190339fe445800f129def
- SSDEEP
  
  49152:smOkBN7cOL80efs2t6SbQHd5U0nzbOEkTV+E91RrjKDOnSULhqJmR/IK8RN:s3k3QC85sm9GzbOEu3XqDOnSULAJmR/y
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Drops startup file
- Executes dropped EXE
behavioral1
- Target
  
  GETTING UP.zip
- Size
  
  2.1MB
- MD5
  
  ac2be39b165682e3267b5f8473b2685f
- SHA1
  
  10743747b414728652583c0c3cfaf66105bda852
- SHA256
  
  ee1ee41fc17214dda065a0cee7d6651bd8db9608200f70d02058c47d697c6a7a
- SHA512
  
  3eb0c2b897359b0aac02679b123e947fd7c9f95ee25621356f0181385b5b172dfb7b47afb83b1630053dd2b631a90de446b6dcf9ce07fcfe73c47c5ea0e1c126
- SSDEEP
  
  49152:+mOkBN7cOL80efs2t6SbQHd5U0nzbOEkTV+E91RrjKDOnSULhqJmR/IK8RI:+3k3QC85sm9GzbOEu3XqDOnSULAJmR/f
Score

1^/10
behavioral2
- Target
  
  GETTING UP.cmd
- Size
  
  2.3MB
- MD5
  
  b9c876b131b9916df5a95e017e276fbf
- SHA1
  
  5026ca0ba6b4301cf0353e737f60cac921c5190f
- SHA256
  
  73077188c541952e4cee319a28243793d2bad1d8f1669e5d744bb55733a1ef31
- SHA512
  
  88c33d30c445ac218bffdd8e282a8d04685dade95ab2c912f41b6c41b97ef308e2efa4fd17d257946b824d3bb510432f0553765abdb57b07d716d6dc29c9db7c
- SSDEEP
  
  49152:4kWk5cS7a+9XYaQaZehc4mTYJ78V9gyBn4cIfmP/SA8N:oajJRZ942KQV9hp4LfmP/SA8
Score

3^/10
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

behavioral3