Overview

overview

10

Static

static

10

bb66a2b312...ba.exe

windows7-x64

10

bb66a2b312...ba.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb66a2b312b016cf0fa6cc05043f87ba

  • Size

    376KB

  • Sample

    240308-qxwpsshb9x

  • MD5

    bb66a2b312b016cf0fa6cc05043f87ba

  • SHA1

    0921f77b7bde2a380056d0a279c87dcc66c047a7

  • SHA256

    e539bda619e24bb25719a6d5cf637643965d2561cd35ce24543d6a2f61963cf8

  • SHA512

    21099c4190e790c09eb4b83d4070a7699395b7ff7f8743bf27ea5a6dbe38eb40a4d7fa76e8b5f1f3878c75666d7fca95d80bc25e848e1b23482692efee8d83eb

  • SSDEEP

    6144:gIaXScb1S4GlA9jmHv/VCSY3hw9lMbk6u1QMS0y+lqiHTonWryFDYRF:T46A9jmP/uhu/yMS08CkntxYRF

Score
10/10
kutakikeyloggerstealer

Malware Config

Extracted

Family

kutaki

C2

http://sdaskmda.club/papa/love.php

http://terebinnahicc.club/sec/kool.txt

Targets

    • Target

      bb66a2b312b016cf0fa6cc05043f87ba

    • Size

      376KB

    • MD5

      bb66a2b312b016cf0fa6cc05043f87ba

    • SHA1

      0921f77b7bde2a380056d0a279c87dcc66c047a7

    • SHA256

      e539bda619e24bb25719a6d5cf637643965d2561cd35ce24543d6a2f61963cf8

    • SHA512

      21099c4190e790c09eb4b83d4070a7699395b7ff7f8743bf27ea5a6dbe38eb40a4d7fa76e8b5f1f3878c75666d7fca95d80bc25e848e1b23482692efee8d83eb

    • SSDEEP

      6144:gIaXScb1S4GlA9jmHv/VCSY3hw9lMbk6u1QMS0y+lqiHTonWryFDYRF:T46A9jmP/uhu/yMS08CkntxYRF

    Score
    10/10
    kutakikeyloggerstealer

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

      stealerkeyloggerkutaki

    • Kutaki Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks