General

  • Target

    HDFC Payment.exe

  • Size

    1.0MB

  • Sample

    241119-yxn9qa1pav

  • MD5

    c884ae57f21fbee98f3327583a408412

  • SHA1

    de718911e64d84670c48095febab54d4f130f3cf

  • SHA256

    65357d5cab8976dd6cd93dc4a6defc6ec2f03312f60036ecc963684189b93d5f

  • SHA512

    aa545b01561628aacf03b2e0e131fda681707a52ce4a2e051b0d3946bf776630bc097ffc5c957fa68077b5b445540fa8c28c4aa8f5f686f1aee8f5a6e841a668

  • SSDEEP

    24576:LtVdLmI1ppy9ABspxs140l665y38kQkILfmP/UDMS08Ckn3C:xLxM9ABspxs115fmP/SA8NS

Malware Config

  • Family

    kutaki

  • C2

    http://newlinkwotolove.club/love/three.php

Targets

    • Target

      HDFC Payment.exe

    • Kutaki

      Information stealer and keylogger that hides inside legitimate Visual Basic applications.

    • Kutaki Executable

    • Kutaki family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
