kutaki | 2c87a4f8cd94516457dcb4f4563a558120b9b3f9f4aaef5d12eb383ef6b7d4ca | Triage

Submit
Reports

Overview

overview

Static

static

2c87a4f8cd...ca.exe

windows7-x64

2c87a4f8cd...ca.exe

windows10-2004-x64

Sharing

General

Target

2c87a4f8cd94516457dcb4f4563a558120b9b3f9f4aaef5d12eb383ef6b7d4ca
Size

561KB
Sample

240725-phlqls1epc
MD5

ae3ecc20ed5eb6d09ac71eed21cadc7b
SHA1

8a5c57538ab356dcf99a320fc3724e618411a7b7
SHA256

2c87a4f8cd94516457dcb4f4563a558120b9b3f9f4aaef5d12eb383ef6b7d4ca
SHA512

a91b222f4890cc53f159390bc5ff725d525a6fb64e9a58842b35ecd0b17a2b989593cea9d16b83473c9fccb3af072296ef0a99499843ca372257ab8fc9e110f1
SSDEEP

12288:dUJ+IF3iIj6bn46A9jmP/uhu/yMS08CkntxYRCL:m+HIe8fmP/UDMS08Ckn3x

Score

10^/10

kutaki discovery keylogger stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2c87a4f8cd94516457dcb4f4563a558120b9b3f9f4aaef5d12eb383ef6b7d4ca.exe

Resource

win7-20240704-en

kutaki discovery keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2c87a4f8cd94516457dcb4f4563a558120b9b3f9f4aaef5d12eb383ef6b7d4ca.exe

Resource

win10v2004-20240709-en

kutaki discovery keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

kutaki

C2

http://newlinkwotolove.club/love/three.php

Targets

- Target
  
  2c87a4f8cd94516457dcb4f4563a558120b9b3f9f4aaef5d12eb383ef6b7d4ca
- Size
  
  561KB
- MD5
  
  ae3ecc20ed5eb6d09ac71eed21cadc7b
- SHA1
  
  8a5c57538ab356dcf99a320fc3724e618411a7b7
- SHA256
  
  2c87a4f8cd94516457dcb4f4563a558120b9b3f9f4aaef5d12eb383ef6b7d4ca
- SHA512
  
  a91b222f4890cc53f159390bc5ff725d525a6fb64e9a58842b35ecd0b17a2b989593cea9d16b83473c9fccb3af072296ef0a99499843ca372257ab8fc9e110f1
- SSDEEP
  
  12288:dUJ+IF3iIj6bn46A9jmP/uhu/yMS08CkntxYRCL:m+HIe8fmP/UDMS08Ckn3x
Score

10^/10

kutaki discovery keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kutakidiscoverykeyloggerstealer

behavioral2

kutakidiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy