kutaki | f04ddd1ef19ab0ed436a554d95368055d9c6fae6f156710570a7423bad9e9929 | Triage

Submit
Reports

Overview

overview

Static

static

262393553d...0N.exe

windows7-x64

262393553d...0N.exe

windows10-2004-x64

Sharing

General

Target

262393553d01d6f0834416d382cf6480N.exe
Size

689KB
Sample

240817-fwb9nayeqe
MD5

262393553d01d6f0834416d382cf6480
SHA1

c6d04c2a5eb7694db7c75e703ee65dfb89fbae5d
SHA256

f04ddd1ef19ab0ed436a554d95368055d9c6fae6f156710570a7423bad9e9929
SHA512

92bd413af398d0e08ceba2e73eb2fdc0a65aa01351bf1e04fe690981c05d7a7692a096b474f45aa0fb455cf93bc8bc4ea0103e930350a538f134edcc1c56a69d
SSDEEP

12288:Ed+J+IF3iIj6I4ClL7y446A9jmP/uhu/yMS08CkntxYRfL:1+HIefw7ofmP/UDMS08Ckn36

Score

10^/10

kutaki discovery keylogger stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

262393553d01d6f0834416d382cf6480N.exe

Resource

win7-20240708-en

kutaki discovery keylogger stealer

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

262393553d01d6f0834416d382cf6480N.exe

Resource

win10v2004-20240802-en

kutaki discovery keylogger stealer

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Extracted

Family

kutaki

C2

http://newlinkwotolove.club/love/three.php

Targets

- Target
  
  262393553d01d6f0834416d382cf6480N.exe
- Size
  
  689KB
- MD5
  
  262393553d01d6f0834416d382cf6480
- SHA1
  
  c6d04c2a5eb7694db7c75e703ee65dfb89fbae5d
- SHA256
  
  f04ddd1ef19ab0ed436a554d95368055d9c6fae6f156710570a7423bad9e9929
- SHA512
  
  92bd413af398d0e08ceba2e73eb2fdc0a65aa01351bf1e04fe690981c05d7a7692a096b474f45aa0fb455cf93bc8bc4ea0103e930350a538f134edcc1c56a69d
- SSDEEP
  
  12288:Ed+J+IF3iIj6I4ClL7y446A9jmP/uhu/yMS08CkntxYRfL:1+HIefw7ofmP/UDMS08Ckn36
Score

10^/10

kutaki discovery keylogger stealer
- Kutaki
  Information stealer and keylogger that hides inside legitimate Visual Basic applications.
  stealer keylogger kutaki
- Kutaki Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

kutakidiscoverykeyloggerstealer

behavioral2

kutakidiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy