Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.Symmi.62789.26421.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Variant.Symmi.62789.26421.exe
Resource
win10v2004-20220721-en
General
-
Target
SecuriteInfo.com.Variant.Symmi.62789.26421.19729
-
Size
1.3MB
-
MD5
5e10013ea2325b25d71fa7731b150c50
-
SHA1
3dc974c7eb43e2728b0dc660915e222f04d21800
-
SHA256
ac08f85dffd331e7c9b5a4ff14b4518b4ad1220effd27215ac827bb2278bbb74
-
SHA512
2ea4216048cceec7ba4e905abd9fd8eef54c24f5b10fb7162dd66e16e5d9c02195c5db6f32fbe9fa02a37fc217dc6d817131637eebb137e854ae3fa82ab36a93
-
SSDEEP
24576:UtGkWYldr5HE+wS7aPK3v9oE3IfFAnQDXFzCfmP/UDMS08Ckn3H:7kWk5cS7a+9XYaQzFzCfmP/SA8N3
Malware Config
Extracted
kutaki
http://ojorobia.club/laptop/laptop.php
http://terebinnahicc.club/sec/kool.txt
Signatures
-
Kutaki Executable 1 IoCs
Processes:
resource yara_rule sample family_kutaki -
Kutaki family
Files
-
SecuriteInfo.com.Variant.Symmi.62789.26421.19729.exe windows x86
54ad52e3d9970728d298cd695e3f6331
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord660
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord560
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 264KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ