Behavioral task
behavioral1
Sample
NEFT_Payment.exe
Resource
win7-20220718-en
General
-
Target
c6f03fe1e88eba449e3d525aebb408e4
-
Size
1.1MB
-
MD5
c6f03fe1e88eba449e3d525aebb408e4
-
SHA1
50f47e17d73e28e1df44af1f869ddc23ddddd650
-
SHA256
56a6bca7c19df8d148d6662a92c118035254d929df721f4112b7f59aece15866
-
SHA512
03da1c30f923e7297ba551d12646031c6f19860bf2c27991923f92e35ab973addcc4c50a49574f3ce7a91378d7a4f35a0caecc6143d83141c4ff5fb6fd3f5225
-
SSDEEP
24576:3BAyQdVzHYxgpy2V3PExY9UIkl1L6VJQpTmf/ijKS08Sknt/:3BmfHYxyy2VfExY9UIwL6VJgTmf/UK8j
Malware Config
Extracted
kutaki
http://ojorobia.club/laptop/laptop.php
http://terebinnahicc.club/sec/kool.txt
Signatures
-
Kutaki Executable 1 IoCs
Processes:
resource yara_rule static1/unpack001/NEFT_Payment.exe family_kutaki -
Kutaki family
Files
-
c6f03fe1e88eba449e3d525aebb408e4.zip
-
NEFT_Payment.exe.exe windows x86
f8f6290cc4fe327af7b2895638dfcb79
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord571
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581
Sections
.text Size: 1020KB - Virtual size: 1018KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 264KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ