kutaki | E-Invioce_23894[.]cmd | Triage

Resubmissions

14-07-2022 15:43

220714-s5y61acbd2 10

13-06-2022 10:06

220613-l43dpsfedl 10

Sharing

General

Target

E-Invioce_23894.cmd
Size

1.5MB
MD5

350a4846873dece26848e64154d19a6d
SHA1

fce16311dc6c14665ea167a28166d6bb19a8fa2d
SHA256

56dd24957c30f559a8ff2daac9d648242e8189495d354bc93d7cbe6625596383
SHA512

dcc6d69b6a503f0241b37a42c928fb3a6d5f4e34aeaf5997fd103e90021a23a40a4d5a9d6ca4646713dbc786668a0e32969590ea9eb2ec8f993b7d7848bed29d
SSDEEP

24576:2Mjlxu1t+S0kLaSW/u/a+DzovnwNnxV/gb7e2AsvwbR281zYfmP/UDMS08Ckn3q:rlAR0kL1t8nO/CAsn81zYfmP/SA8Na

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://ojorobia.club/laptop/laptop.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki Executable 1 IoCs

Processes:

resource yara_rule

sample family_kutaki
Kutaki family
kutaki

Files

E-Invioce_23894.cmd
.exe windows x86

67f310695ece8f1856c07ea3008696c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ