Extracted

• • Target

    e469d954208648089041e21f6d882702_JaffaCakes118

  • Size

    2.7MB

  • MD5

    e469d954208648089041e21f6d882702

  • SHA1

    454bf06e9f471a7590187c7806231cb957fec5e5

  • SHA256

    03dd5030cf9419d5f328b6ddf8bce820199c0aad46caf85c68aeb1645133972d

  • SHA512

    54f53702056611a8be894a77651f8635bfddaa0be1705a983497b290b4b1ea8fd8513db4ddcb0831beba9fda421efb2cf67921679a5863ead16462fba478ca9a

  • SSDEEP

    24576:pZKlRgOIfgOIcVylQpgst89780uEOjxWfmP/UDMS08Ckn3U:pZMW5/pVP5tI7nfmP/SA8Nk

  Score

  10^/10

  kutakikeyloggerstealer

  • Kutaki

    Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    stealerkeyloggerkutaki

  • Kutaki Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2