Overview

overview

10

Static

static

10

Challan.exe

windows7-x64

1

Challan.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    97a4007da195e9a00bd0e105813f1564.zip

  • Size

    336KB

  • Sample

    231108-tjg62acf4t

  • MD5

    97a4007da195e9a00bd0e105813f1564

  • SHA1

    1c5c17b72f8aa10a3597b2259db86ae8a1506d98

  • SHA256

    fd521a6a9e13b00329723103b9039e23950450f901da8f61cea3b92ff96dceee

  • SHA512

    7bb3905372fd5d7c76ab43460b1f68b029f793227f92bb5e1a09888c45a16cb30f280a5bb59b20a31d12711481e93f86c7b51bc20a3adbed6b72a18c4acd25bf

  • SSDEEP

    6144:ATRHhN+dhgsBVOJXd1+4GpA9jQHL/VCSS3hwVlMbk2u5QMSIy+lqkHTonerW/lY0:A9KDBSXG48A9jQr/Uh8peMSI8EknPdY0

Score
10/10
kutakikeyloggerstealer

Malware Config

Extracted

Family

kutaki

C2

http://linkwotowoto.club/new/two.php

Targets

    • Target

      Challan.exe

    • Size

      501KB

    • MD5

      816cdd0d2e0852404804a683d1cd1b53

    • SHA1

      9842b46047c8ef18a2041a7a35fe3b51515dd829

    • SHA256

      2114e284c9636a3b015aadb156369d5c55dc29541bc9f27ecf3724f16a65fa8d

    • SHA512

      9648bb75a15afb57baeb7c9becf994dece54f499f04df344210c8241839d493599b71cf7ae7a9f4f790009ba3a9b8d2f80df7db41bac5b78edce20bd1a115cf2

    • SSDEEP

      12288:6Ycs+XKy/AZe+e9AP8LP810o4HfyNQlQj0DunOq0Mte9oIopkyd+wMeMIC10pqTO:6Ycs+XKy/AZeJ9AP8LP810o4HfyNQlQn

    Score
    10/10
    kutakikeyloggerstealer

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

      stealerkeyloggerkutaki

    • Kutaki Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks