Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.Symmi.62789.19994.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Variant.Symmi.62789.19994.exe
Resource
win10v2004-20220721-en
General
-
Target
SecuriteInfo.com.Variant.Symmi.62789.19994.32517
-
Size
1.3MB
-
MD5
198abeac7d9443c364a42aa33b38e77a
-
SHA1
dd2a942a07cc7d2b39870ffb9ff0088cea9a8b1f
-
SHA256
73e60a75231e52d9f742df2d679c1ac4997147563c43348142b3b6dc9a4ee4a4
-
SHA512
f094c371a62f0a73b91e172166f127d312efa646ba4de4259b743086f9529f52296f89be65c084033dc7f7e2692180ea7ce72790cba2244f01dbf88d9be23c65
-
SSDEEP
24576:5tGkWYldr5HE+wS7aPK3v9oE3IfFAnQDXFz+fmP/UDMS08Ckn3J:mkWk5cS7a+9XYaQzFz+fmP/SA8N5
Malware Config
Extracted
kutaki
http://ojorobia.club/laptop/laptop.php
http://terebinnahicc.club/sec/kool.txt
Signatures
-
Kutaki Executable 1 IoCs
Processes:
resource yara_rule sample family_kutaki -
Kutaki family
Files
-
SecuriteInfo.com.Variant.Symmi.62789.19994.32517.exe windows x86
54ad52e3d9970728d298cd695e3f6331
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord660
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord560
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 264KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ