kutaki | YOUR NEFT PAY[.]cmd | Triage

Sharing

General

Target

YOUR NEFT PAY.cmd
Size

1.3MB
MD5

f25c22f38bb732e20c691cba2cdccf84
SHA1

22e4e3d56dfab31dc3e74880090c7615313527d5
SHA256

447574ed06b4e8cb0e9a379b09954355e5e7cc70d48083b52b7ec572bd07c0e2
SHA512

3ece4008151eb32967b238bd316cfc5d93dfd7aa87c85f4f6fadf5867c8de7d13fcdaacfb2b0947e59e37d86705c58a76b9ff4108e0540066ab450bab558ed72
SSDEEP

12288:MMbkbcjxr46A9jmP/uhu/yMS08CkntxYRi:tSfmP/UDMS08Ckn3f

Score

10^/10

kutaki

Malware Config

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
sample	family_kutaki

Kutaki family
kutaki

Files

YOUR NEFT PAY.cmd
.exe windows x86

fa014f69948ce553d5ae69e28dfd2696

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord300
ord594
ord301
ord595
ord596
ord303
ord598
ord306
ord520
ord307
ord309
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord314
ord713
ord315
ord714
ord607
ord316
ord608
ord317
ord716
ord318
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord610
ord612
ord616
ord617
ord618
ord619
ord650
ord547
ord581

Sections

.text
Size: 960KB - Virtual size: 958KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ