General

  • Target: Tax Payment Challan.zip
  • Size: 400KB
  • Sample: 240219-etre5ahe4t
  • MD5: cdb21e5398df908a2665fb7675bf6736
  • SHA1: 83f9a0fad9abdd169d1148efb0bbf17ad46ef4fc
  • SHA256: c1dee46173e24ff77bf3723de5285b05ecfdc6bf2abdd4d885e4195aa90d520c
  • SHA512: 6154a31b0439d74e99ffa312f26dfc8c12e1758c5c406be58fb94b6a2578648a5159e0d5b1839ae16c28c07a12dbc5bf4a899326de60f4124cfe058ad35b5ddc
  • SSDEEP: 12288:gKIwnuMfTGB0C4OA95m9/whWzeM608GknTdYRH:grsuOztJm9/OJM608Gknpg

Malware Config

Extracted

  • Family: kutaki
  • C2: http://linkwotowoto.club/new/two.php

Targets

    • Target: Tax Payment Challan.exe
    • Size: 597KB
    • MD5: dd1d64884898d506bf90c29890f1b4bc
    • SHA1: e1ea541eb0a3ab8670e77d124da4ceb4b8febc9b
    • SHA256: d2aab40a9073aa3f2970017b652e4d42e34ad11c5505994ba8945013aedac69e
    • SHA512: bf5fa648c0fe45b346a50bbb5b8fd0ff7af5aa17df3a3a37df03f6d76ebcd35b6906851e1138bd111c1010815c4f31aaaa5f00fa44f73d648e32e6592c500f99
    • SSDEEP: 12288:TK1aFT8EUJHvXH/Xgx46A9jmP/uhu/yMS08CkntxYReaL:TBYLJvXH/wqfmP/UDMS08Ckn3o

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks