Overview

overview

10

Static

static

10

Payment Channel.exe

windows7-x64

10

Payment Channel.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.4e95c654625af3c239740b6d8f1799d5ad938bcb9404d2935c5240c22985d76b.zip

  • Size

    336KB

  • Sample

    231110-r17f5sgh4s

  • MD5

    800999621ec6036d4ca4070733a1a76a

  • SHA1

    53ee4f63acd929f3a74f91367535015643f2fab9

  • SHA256

    4e95c654625af3c239740b6d8f1799d5ad938bcb9404d2935c5240c22985d76b

  • SHA512

    3e6509d958f07bf925655996674441c33deb9b92c367b9fbd33f8e942a2b674104eacb8f4ce9df5e34c8cafa83e9366d65ef73021a15a4c8f291e6e71f207a58

  • SSDEEP

    6144:AtqN2xpd9yDiR2Z1+4GpA9jQHL/VCSS3hwVlMbk2u5QMSIy+lqkHTonerW/lYRN:Atjpd9h2y48A9jQr/Uh8peMSI8EknPd8

Score
10/10
kutakikeyloggerstealer

Malware Config

Extracted

Family

kutaki

C2

http://linkwotowoto.club/new/two.php

Targets

    • Target

      Payment Channel.exe

    • Size

      501KB

    • MD5

      646849ab728ff631b3c70480638e6a2a

    • SHA1

      8f9f70ef43add2a45e0a2430b2d9680616faef8b

    • SHA256

      b8e4bcb3699104e49979cc86b84ce278bd6b9b392d65d465ac1acd7808ed0db0

    • SHA512

      32f0a0949c33e0b34239581bbb86d3ee42acdaddc9856c78a55b88924dcade166663e2c8345040dbc2f383b74ebda88e952d9091643d8a7ea8e5d1fd82002de3

    • SSDEEP

      12288:7Ycs+XKy/AZe+e9AP8LP810o4HfyNQlQj0DunOq0Mte9oIopkyd+wMeMIC10pqT1:7Ycs+XKy/AZeJ9AP8LP810o4HfyNQlQM

    Score
    10/10
    kutakikeyloggerstealer

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

      stealerkeyloggerkutaki

    • Kutaki Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks