Extracted

• • Target

    Challan.exe

  • Size

    501KB

  • MD5

    816cdd0d2e0852404804a683d1cd1b53

  • SHA1

    9842b46047c8ef18a2041a7a35fe3b51515dd829

  • SHA256

    2114e284c9636a3b015aadb156369d5c55dc29541bc9f27ecf3724f16a65fa8d

  • SHA512

    9648bb75a15afb57baeb7c9becf994dece54f499f04df344210c8241839d493599b71cf7ae7a9f4f790009ba3a9b8d2f80df7db41bac5b78edce20bd1a115cf2

  • SSDEEP

    12288:6Ycs+XKy/AZe+e9AP8LP810o4HfyNQlQj0DunOq0Mte9oIopkyd+wMeMIC10pqTO:6Ycs+XKy/AZeJ9AP8LP810o4HfyNQlQn

  Score

  10^/10

  kutakikeyloggerstealer

  • Kutaki

    Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    stealerkeyloggerkutaki

  • Kutaki Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2