kutaki | SecuriteInfo[.]com[.]W32[.]AIDetect[.]malware2[.]21162[.]19131 | Triage

Resubmissions

18/07/2022, 04:41

220718-fa5dbaafek 10

18/07/2022, 04:33

220718-e6hzhsafbm 10

Sharing

General

Target

SecuriteInfo.com.W32.AIDetect.malware2.21162.19131
Size

1.4MB
MD5

9156ad371784d9d3639d617e52216f35
SHA1

d83523bbbf918da1408faf0fb815456acb862b85
SHA256

24c617f6c994a7a2f8520020365669fbd3cf5535f893118cefc39401394c2e15
SHA512

fe99810ee3d2c9c970ce30a3a619ab2890fc8024f77e57f9f6e0420d70da18ebd132f61db9623f9ca9815ed4488c955be7893cdd211dfebecf8413a45597a146
SSDEEP

24576:yB9gUkWYldr5HE+wS7aPK3v9oE3IfFAnQDgfmP/UDMS08Ckn31:2fkWk5cS7a+9XYaQsfmP/SA8Nl

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://ojorobia.club/laptop/laptop.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
sample	family_kutaki

Kutaki family
kutaki

Files

SecuriteInfo.com.W32.AIDetect.malware2.21162.19131
.exe windows x86

0b872c226988c2615be27107896f0f4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
ord690
ord696
ord589
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord553
ord660
ord662
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord535
ord644
ord537
ord645
ord570
ord648
ord571
ord573
ord681
ord576
ord685
ord100
ord689
ord610
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord581

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ