kutaki | 541ce09cec54e8df1f14a5e25064929e3f3c151f0d68dd6968d229668443444b | Triage

Submit
Reports

Overview

overview

Static

static

541ce09cec...4b.exe

windows7-x64

541ce09cec...4b.exe

windows10-2004-x64

7

Sharing

General

Target

541ce09cec54e8df1f14a5e25064929e3f3c151f0d68dd6968d229668443444b
Size

754KB
Sample

240524-smpjvaae89
MD5

cc3dea0182a77c7ca10925e2c180bc62
SHA1

537cd49fa4abf265b69d9d0de982373544c643fc
SHA256

541ce09cec54e8df1f14a5e25064929e3f3c151f0d68dd6968d229668443444b
SHA512

99655f1a80a9aacb5f77917700f4303a53368e62d7807196b6e5fa917a40382523ea9ab42a81ba66d7c2bab12ff291bd2efc0399922ae578f8332e982fda40e0
SSDEEP

12288:K39b2oWvRykNICNEZjwJxtk46A9jmP/uhu/yMS08CkntxYRcBAL:KeNIuEZjqxVfmP/UDMS08Ckn3A

Score

10^/10

kutaki keylogger stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

541ce09cec54e8df1f14a5e25064929e3f3c151f0d68dd6968d229668443444b.exe

Resource

win7-20240419-en

kutaki keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

541ce09cec54e8df1f14a5e25064929e3f3c151f0d68dd6968d229668443444b.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://newlinkwotolove.club/love/three.php

Targets

- Target
  
  541ce09cec54e8df1f14a5e25064929e3f3c151f0d68dd6968d229668443444b
- Size
  
  754KB
- MD5
  
  cc3dea0182a77c7ca10925e2c180bc62
- SHA1
  
  537cd49fa4abf265b69d9d0de982373544c643fc
- SHA256
  
  541ce09cec54e8df1f14a5e25064929e3f3c151f0d68dd6968d229668443444b
- SHA512
  
  99655f1a80a9aacb5f77917700f4303a53368e62d7807196b6e5fa917a40382523ea9ab42a81ba66d7c2bab12ff291bd2efc0399922ae578f8332e982fda40e0
- SSDEEP
  
  12288:K39b2oWvRykNICNEZjwJxtk46A9jmP/uhu/yMS08CkntxYRcBAL:KeNIuEZjqxVfmP/UDMS08Ckn3A
Score

10^/10

kutaki keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

kutakikeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy