kutaki | RTGS_Payment[.]zip | Triage

Sharing

General

Target

RTGS_Payment.zip
Size

328KB
MD5

1d0ae9996cead47fb88bfff3c6ad1e16
SHA1

234ec1f3e2fa4e618bcaabbc3f01c13f20436bdd
SHA256

b5d3d965444fd3e7a0df7821d7ac2343dd3e4feb9fcd12e2be0910cee2b51850
SHA512

4e38e06a3c1a0b1c929f8acadea4e86a5a84cc32e86f26daf02c9f320f7c10485ff8c2910dc31d0d82c9c0b7f9b89b1efe33e79c16c5362d879c562a104ce371
SSDEEP

6144:yNj/T5oJBOijNse4ilA9pmfv/VCOY37w9lebkKu1QIS0y+lo1iHToXWVynDYR5f:yNj/tovOijNse4mA9pmX/E7uNyIS0q1G

Score

10^/10

kutaki

Malware Config

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
static1/unpack001/RTGS_Payment.exe	family_kutaki

Kutaki family
kutaki

Files

RTGS_Payment.zip
.zip
RTGS_Payment.exe
.exe windows x86

ca4f635ec97d724f1cd62e6df0037c4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord660
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord572
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord650
ord581

Sections

.text
Size: 700KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ