kutaki | SecuriteInfo[.]com[.]Variant[.]Symmi[.]62789[.]12610[.]17585 | Triage

Resubmissions

14-07-2022 15:43

220714-s6a6kahdak 10

17-06-2022 01:34

220617-by4dpscea7 10

Sharing

General

Target

SecuriteInfo.com.Variant.Symmi.62789.12610.17585
Size

1.1MB
MD5

b28430a5bb7d1628b5fee2c860852861
SHA1

b2668bb306df85a1dea2cf89583ed68b25ec3048
SHA256

5fe0019d6f989fce985675858bc07cb618533ae9d24021f17b269a95491790e6
SHA512

f04ef53619efa7dd3a06ae3207e21385ab9b5703d20a9a1b080430991e0410b3c21cd0409941316b610f7021d46f6bcc2989e5f49333f18f16f01dda414fdbc5
SSDEEP

24576:l3sZZe46D5tKERWpnhNjQlUPnGYI5aDM3fmP/UDMS08Ckn3r:lp46lgEshNjQmuYMao3fmP/SA8N7

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://ojorobia.club/laptop/laptop.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki Executable 1 IoCs

Processes:

resource yara_rule

sample family_kutaki
Kutaki family
kutaki

Files

SecuriteInfo.com.Variant.Symmi.62789.12610.17585
.exe windows x86

20ecf3c20f994073632a4e539cba960e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord661
ord667
ord591
ord593
ord594
ord595
ord596
ord303
ord598
ord520
ord309
ord524
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord606
ord714
ord607
ord608
ord716
ord717
ord534
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord610
ord612
ord616
ord617
ord618
ord619
ord650
ord581

Sections

.text
Size: 872KB - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ