kutaki | SecuriteInfo[.]com[.]Variant[.]Symmi[.]62789[.]26138[.]22523 | Triage

Sharing

General

Target

SecuriteInfo.com.Variant.Symmi.62789.26138.22523
Size

1.3MB
MD5

696e80260ef63b7915996c5ae37e3969
SHA1

c944a69729abc5d5c757d5e87458d80f1a29c123
SHA256

f128b47c15bafda3c7379b8ee62b839d7d9971e5740fe6c2a7f8e1f6b452bec8
SHA512

97b472bfe733965a606677e621bbd9247b660ba3a9d7f64ce7ec95539610de7ceeb8af93f34b63a9d1bf76a9fb16bb569bc83139f6749752762bcc4222ae9b2e
SSDEEP

24576:8kWYldr5HE+wS7aPK3v9oE3IfFAnQDufmP/UDMS08Ckn3Z:8kWk5cS7a+9XYaQqfmP/SA8NJ

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://ojorobia.club/laptop/laptop.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
sample	family_kutaki

Kutaki family
kutaki

Files

SecuriteInfo.com.Variant.Symmi.62789.26138.22523
.exe windows x86

e715f3c5058fd2de28211e01a1b3ec74

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ