kutaki | SecuriteInfo[.]com[.]Variant[.]Symmi[.]62789[.]16418[.]11572 | Triage

Sharing

General

Target

SecuriteInfo.com.Variant.Symmi.62789.16418.11572
Size

1.1MB
MD5

426530a6d99b019e7578d3aa0373d9da
SHA1

d3be564f3cd8d9f56583b081f8f8c62515132e78
SHA256

78917b96f538328e610b038d2f7ed877d64b1fba345071ec00161db94415a204
SHA512

342430f298455e9c02f6a4cdc3b8d15d94bfec76b58e001ee1f4ce128917f550e68cec8ee0847177dd239db36d5e12db386f583b507ec153b863cb8865f59f5c
SSDEEP

24576:xyM8JTmsOe46D5tKERWpnhNjQlUPnGYI5aDMcfmP/UDMS08Ckn30:YMsD46lgEshNjQmuYMaocfmP/SA8Nk

Score

10^/10

kutaki

Malware Config

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
sample	family_kutaki

Kutaki family
kutaki

Files

SecuriteInfo.com.Variant.Symmi.62789.16418.11572
.exe windows x86

b5046d0cbaa5a4c738f3e5d31c133c91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord588
ord696
ord698
MethCallEngine
ord621
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord303
ord598
ord520
ord309
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord570
ord648
ord571
ord573
ord681
ord576
ord685
ord100
ord689
ord613
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 900KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ