kutaki | 4e95c654625af3c239740b6d8f1799d5ad938bcb9404d2935c5240c22985d76b | Triage

Submit
Reports

Overview

overview

Static

static

Payment Channel.exe

windows7-x64

Payment Channel.exe

windows10-2004-x64

Sharing

General

Target

NEAS.4e95c654625af3c239740b6d8f1799d5ad938bcb9404d2935c5240c22985d76b.zip
Size

336KB
Sample

231110-r17f5sgh4s
MD5

800999621ec6036d4ca4070733a1a76a
SHA1

53ee4f63acd929f3a74f91367535015643f2fab9
SHA256

4e95c654625af3c239740b6d8f1799d5ad938bcb9404d2935c5240c22985d76b
SHA512

3e6509d958f07bf925655996674441c33deb9b92c367b9fbd33f8e942a2b674104eacb8f4ce9df5e34c8cafa83e9366d65ef73021a15a4c8f291e6e71f207a58
SSDEEP

6144:AtqN2xpd9yDiR2Z1+4GpA9jQHL/VCSS3hwVlMbk2u5QMSIy+lqkHTonerW/lYRN:Atjpd9h2y48A9jQr/Uh8peMSI8EknPd8

Score

10^/10

kutaki keylogger stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Payment Channel.exe

Resource

win7-20231023-en

kutaki keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment Channel.exe

Resource

win10v2004-20231020-en

kutaki keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://linkwotowoto.club/new/two.php

Targets

- Target
  
  Payment Channel.exe
- Size
  
  501KB
- MD5
  
  646849ab728ff631b3c70480638e6a2a
- SHA1
  
  8f9f70ef43add2a45e0a2430b2d9680616faef8b
- SHA256
  
  b8e4bcb3699104e49979cc86b84ce278bd6b9b392d65d465ac1acd7808ed0db0
- SHA512
  
  32f0a0949c33e0b34239581bbb86d3ee42acdaddc9856c78a55b88924dcade166663e2c8345040dbc2f383b74ebda88e952d9091643d8a7ea8e5d1fd82002de3
- SSDEEP
  
  12288:7Ycs+XKy/AZe+e9AP8LP810o4HfyNQlQj0DunOq0Mte9oIopkyd+wMeMIC10pqT1:7Ycs+XKy/AZeJ9AP8LP810o4HfyNQlQM
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

kutakikeyloggerstealer

© 2018-2024

Terms | Privacy