kutaki | ec5a7e9539938fcb1c2feadf59afa9e864144e52aeb6a4715cc50f188c72c053 | Triage

Resubmissions

08-08-2023 17:00

230808-vjbjxsfg5y 10

08-08-2023 13:18

230808-qkbh4acf95 10

Sharing

General

Target

Income-Tax.exe
Size

529KB
Sample

230808-qkbh4acf95
MD5

8a182209d4a6fea9223298590e59bd7e
SHA1

909b60f35926c3173d36ce80127fb7792ef86402
SHA256

ec5a7e9539938fcb1c2feadf59afa9e864144e52aeb6a4715cc50f188c72c053
SHA512

425d15a1e9c9967514edaad9357182fe0ef5b392d072cf300bdf02e9927687adbc00c45b7345aae481e38dbbf4a4a3152756cb89e99a93f252c7cc740746ed38
SSDEEP

12288:TOJHqVR3f53gG46A9jmP/uhu/yMS08CkntxYR7L:68VRvWRfmP/UDMS08Ckn32

Score

10^/10

kutaki keylogger stealer

Malware Config

Extracted

Family

kutaki

C2

http://waaatlink.xyz/hello/son.php

Targets

- Target
  
  Income-Tax.exe
- Size
  
  529KB
- MD5
  
  8a182209d4a6fea9223298590e59bd7e
- SHA1
  
  909b60f35926c3173d36ce80127fb7792ef86402
- SHA256
  
  ec5a7e9539938fcb1c2feadf59afa9e864144e52aeb6a4715cc50f188c72c053
- SHA512
  
  425d15a1e9c9967514edaad9357182fe0ef5b392d072cf300bdf02e9927687adbc00c45b7345aae481e38dbbf4a4a3152756cb89e99a93f252c7cc740746ed38
- SSDEEP
  
  12288:TOJHqVR3f53gG46A9jmP/uhu/yMS08CkntxYR7L:68VRvWRfmP/UDMS08Ckn32
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2