kutaki | 6492086998bb2a858614dc2310e2349d5a282eadc5a08376c1111dca7d765c7f | Triage

Submit
Reports

Overview

overview

Static

static

6492086998...7f.exe

windows7-x64

6492086998...7f.exe

windows10-2004-x64

Sharing

General

Target

6492086998bb2a858614dc2310e2349d5a282eadc5a08376c1111dca7d765c7f
Size

573KB
Sample

240226-nqndqscg8w
MD5

111d37dd39bb7f73b76eb13e22a16178
SHA1

c358557e24b87ae758606d707763bfa95da88a61
SHA256

6492086998bb2a858614dc2310e2349d5a282eadc5a08376c1111dca7d765c7f
SHA512

31b0424ce110261af02c23c94a60659301ba6eacc4223578b04fe1fc815f4eb41f7d899f6322e642a6df62e88580a4d70131a01500ebe12b9ffa46d9e7232bf4
SSDEEP

12288:Ua4NFT8ElW46A9jmP/uhu/yMS08CkntxYRtqL:J6YahfmP/UDMS08Ckn3v

Score

10^/10

kutaki keylogger stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

6492086998bb2a858614dc2310e2349d5a282eadc5a08376c1111dca7d765c7f.exe

Resource

win7-20240221-en

kutaki keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

6492086998bb2a858614dc2310e2349d5a282eadc5a08376c1111dca7d765c7f.exe

Resource

win10v2004-20240221-en

kutaki keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://linkwotowoto.club/new/two.php

Targets

- Target
  
  6492086998bb2a858614dc2310e2349d5a282eadc5a08376c1111dca7d765c7f
- Size
  
  573KB
- MD5
  
  111d37dd39bb7f73b76eb13e22a16178
- SHA1
  
  c358557e24b87ae758606d707763bfa95da88a61
- SHA256
  
  6492086998bb2a858614dc2310e2349d5a282eadc5a08376c1111dca7d765c7f
- SHA512
  
  31b0424ce110261af02c23c94a60659301ba6eacc4223578b04fe1fc815f4eb41f7d899f6322e642a6df62e88580a4d70131a01500ebe12b9ffa46d9e7232bf4
- SSDEEP
  
  12288:Ua4NFT8ElW46A9jmP/uhu/yMS08CkntxYRtqL:J6YahfmP/UDMS08Ckn3v
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

kutakikeyloggerstealer

© 2018-2024

Terms | Privacy