Overview

overview

10

Static

static

10

Challan.exe

windows7-x64

10

Challan.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Challan.exe

  • Size

    573KB

  • Sample

    240226-nptjcscg6z

  • MD5

    111d37dd39bb7f73b76eb13e22a16178

  • SHA1

    c358557e24b87ae758606d707763bfa95da88a61

  • SHA256

    6492086998bb2a858614dc2310e2349d5a282eadc5a08376c1111dca7d765c7f

  • SHA512

    31b0424ce110261af02c23c94a60659301ba6eacc4223578b04fe1fc815f4eb41f7d899f6322e642a6df62e88580a4d70131a01500ebe12b9ffa46d9e7232bf4

  • SSDEEP

    12288:Ua4NFT8ElW46A9jmP/uhu/yMS08CkntxYRtqL:J6YahfmP/UDMS08Ckn3v

Score
10/10
kutakikeyloggerstealer

Malware Config

Extracted

Family

kutaki

C2

http://linkwotowoto.club/new/two.php

Targets

    • Target

      Challan.exe

    • Size

      573KB

    • MD5

      111d37dd39bb7f73b76eb13e22a16178

    • SHA1

      c358557e24b87ae758606d707763bfa95da88a61

    • SHA256

      6492086998bb2a858614dc2310e2349d5a282eadc5a08376c1111dca7d765c7f

    • SHA512

      31b0424ce110261af02c23c94a60659301ba6eacc4223578b04fe1fc815f4eb41f7d899f6322e642a6df62e88580a4d70131a01500ebe12b9ffa46d9e7232bf4

    • SSDEEP

      12288:Ua4NFT8ElW46A9jmP/uhu/yMS08CkntxYRtqL:J6YahfmP/UDMS08Ckn3v

    Score
    10/10
    kutakikeyloggerstealer

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

      stealerkeyloggerkutaki

    • Kutaki Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks