Static task
static1
Behavioral task
behavioral1
Sample
your neft payment.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
your neft payment.exe
Resource
win10v2004-20220414-en
General
-
Target
your neft payment.bat
-
Size
1.2MB
-
MD5
369bea3b89272cdb52b9de5d89890931
-
SHA1
ee67c86d5e77dc47a1d25bfc0f88e37c08f28bce
-
SHA256
2678b39e1010dff9c1b9ca3f1580f7a6a580626ff07cbbf434cf66a933d78053
-
SHA512
2ff2dc2997736ff7ce020dd1416424650492144c9b7a1b8c82b166d9bd911353aa093e7b77cf1f28f38be17580dee33ee682fc7ae723f36305b9c61b861a2717
-
SSDEEP
24576:kzkWYldr5HE+wS7aPK3v9oE3IfFAnQD+fmP/UDMS08Ckn3Z:AkWk5cS7a+9XYaQSfmP/SA8NJ
Malware Config
Signatures
-
Kutaki Executable 1 IoCs
Processes:
resource yara_rule sample family_kutaki -
Kutaki family
Files
-
your neft payment.bat.exe windows x86
4e0c9a2a5543904ed14616866762c29d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord690
ord696
ord698
MethCallEngine
ord621
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord524
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord570
ord648
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord650
ord580
ord581
Sections
.text Size: 992KB - Virtual size: 990KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 264KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ