kutaki | d510b26ecf363b3ff1889ae6057482bbba5254cf7440ed42efaa37fa3aa8cf69 | Triage

Sharing

General

Target

d510b26ecf363b3ff1889ae6057482bbba5254cf7440ed42efaa37fa3aa8cf69
Size

3.1MB
MD5

79e5e9c2a96ad4bf443565f151afd809
SHA1

a6a692f7e9733f823d9659e6bae87c096f0f1170
SHA256

d510b26ecf363b3ff1889ae6057482bbba5254cf7440ed42efaa37fa3aa8cf69
SHA512

7d0f385dc4a480fe366461fd0221b7c792d41a35fea5b9586c083f5cf9f42a5a2a916c60bf71f82ce32b899c61626f761f51bfe904b9e8fee68d7605af8b4019
SSDEEP

12288:C1dAHWyU4QtcQSsdgHy46A9jmP/uhu/yMS08CkntxYRh:A1rtqfJfmP/UDMS08Ckn3g

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://ojorobia.club/laptop/laptop.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
sample	family_kutaki

Kutaki family
kutaki

Files

d510b26ecf363b3ff1889ae6057482bbba5254cf7440ed42efaa37fa3aa8cf69
.exe windows x86

f2c2e5996924ee8596466786d18ea8a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
ord583
ord690
ord588
ord696
ord698
MethCallEngine
ord516
ord517
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord599
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord531
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ