kutaki | 267c4bb4b2e4c2b06f3b63d58f12a6b4e254d98d36dafab61ac5867b8e7e31b2 | Triage

Submit
Reports

Overview

overview

Static

static

2114e284c9...8d.exe

windows7-x64

2114e284c9...8d.exe

windows10-2004-x64

Sharing

General

Target

816cdd0d2e0852404804a683d1cd1b53.bin
Size

336KB
Sample

231110-ct26hshg4t
MD5

a1e711dc50bf6f9cbb2481cd43a1a951
SHA1

80f4b5b905797d95f2c0d0b2dba3efd03e7940c5
SHA256

267c4bb4b2e4c2b06f3b63d58f12a6b4e254d98d36dafab61ac5867b8e7e31b2
SHA512

a0e1f8288d302d369397a205abd24cc7401cd182243fe9fd11f602ea5ae097b110e6f3cb733ee93855c75e572e6035883e2773f8f6d43d7a47150760812b03dc
SSDEEP

6144:B65gnZTBsCLGr+peirQ4VBiMKM6qujUr20Poq0phUQhluBLeTfphpVfT:B65OnFrQxb8ujUr2CKh/KxeTfXb

Score

10^/10

kutaki keylogger stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2114e284c9636a3b015aadb156369d5c55dc29541bc9f27ecf3724f16a65fa8d.exe

Resource

win7-20231023-en

kutaki keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2114e284c9636a3b015aadb156369d5c55dc29541bc9f27ecf3724f16a65fa8d.exe

Resource

win10v2004-20231020-en

kutaki keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://linkwotowoto.club/new/two.php

Targets

- Target
  
  2114e284c9636a3b015aadb156369d5c55dc29541bc9f27ecf3724f16a65fa8d.bin
- Size
  
  501KB
- MD5
  
  816cdd0d2e0852404804a683d1cd1b53
- SHA1
  
  9842b46047c8ef18a2041a7a35fe3b51515dd829
- SHA256
  
  2114e284c9636a3b015aadb156369d5c55dc29541bc9f27ecf3724f16a65fa8d
- SHA512
  
  9648bb75a15afb57baeb7c9becf994dece54f499f04df344210c8241839d493599b71cf7ae7a9f4f790009ba3a9b8d2f80df7db41bac5b78edce20bd1a115cf2
- SSDEEP
  
  12288:6Ycs+XKy/AZe+e9AP8LP810o4HfyNQlQj0DunOq0Mte9oIopkyd+wMeMIC10pqTO:6Ycs+XKy/AZeJ9AP8LP810o4HfyNQlQn
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

kutakikeyloggerstealer

© 2018-2024

Terms | Privacy