kutaki | 86f2f67706a120d121c11a372895ab615bf2bfb0cba091a850e17ccd8d8855ad | Triage

Submit
Reports

Overview

overview

Static

static

Tax Paymen...on.exe

windows7-x64

Tax Paymen...on.exe

windows10-2004-x64

Sharing

General

Target

f6055f8771a3cedda61a3dc1ccbcec24.zip
Size

336KB
Sample

231107-g4bhrscf7y
MD5

f6055f8771a3cedda61a3dc1ccbcec24
SHA1

bb82da45d019c38a322547f00fbf417c7301edf5
SHA256

86f2f67706a120d121c11a372895ab615bf2bfb0cba091a850e17ccd8d8855ad
SHA512

f4b2da67419b20d9de0dbb6fbd324510ded26d9009912ff709b28e2418a2ebde9ad980f659b749f8dd3622b5df2b1ccdb6908e30997f4878b0d08efd4457e93f
SSDEEP

6144:mqN2xpdMy58FAHHL1+4GpA9jQHL/VCSS3hwVlMbk2u5QMSIy+lqkHTonerW/lYRB:mjpdM48Cg48A9jQr/Uh8peMSI8EknPdK

Score

10^/10

kutaki keylogger stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Tax Payment Confirmation.exe

Resource

win7-20231023-en

kutaki keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Tax Payment Confirmation.exe

Resource

win10v2004-20231020-en

kutaki keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://linkwotowoto.club/new/two.php

Targets

- Target
  
  Tax Payment Confirmation.exe
- Size
  
  501KB
- MD5
  
  229542167bc737c7ceec0394cb8eae67
- SHA1
  
  b1fdf16782bee715faf2fe7f1581272793708e08
- SHA256
  
  09caf68ad8cb1a459675913732e7191285d03e7b83e244b5ddce69e0b97c1fc5
- SHA512
  
  7d8995c724c598de8a05e7f5ea2e50f1583dcfc5611143ac4290bc8a77eeeecf3e3fd55acc687b92bc4745f7e194487f0c21504a695b95dcb9eaebb048da5d5d
- SSDEEP
  
  12288:gYcs+XKy/AZe+e9AP8LP810o4HfyNQlQj0DunOq0Mte9oIopkyd+wMeMIC10pqTD:gYcs+XKy/AZeJ9AP8LP810o4HfyNQlQS
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

kutakikeyloggerstealer

© 2018-2024

Terms | Privacy