kutaki | Payment Confirmation Invoice[.]exe | Triage

Resubmissions

17-09-2022 21:15

220917-z36avsace4 10

12-09-2022 07:51

220912-jptrxacge8 10

Sharing

General

Target

Payment Confirmation Invoice.exe
Size

408KB
MD5

226bea0278f6534c83992d1ceac1c211
SHA1

b1a3df7bedbb45b0a2df9e575293d795996da01a
SHA256

29b194f5409b24a2bdf4b74f35e13a73e7e133dab36339f7b2cc9a0e4f007e17
SHA512

e889315f6609ace41811e0f7379cccb802b0ed3012337f9653241b3a0bdaf9b9bf523b9134b2e373d9117118fef68565c1a5e7eb57ddb53c2656277f2957277e
SSDEEP

6144:ax9Xwhm7c/n10V7cMW4Es+CS/wUcvzUjSa5pK2mKdl0TruunfD09gfJChgGJhCj:abXwhm7a1gB4/8vYjDpK8atfx8hDu

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://newbosslink.xyz/baba/new4.php

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
sample	family_kutaki

Kutaki family
kutaki

Files

Payment Confirmation Invoice.exe
.exe windows x86

5cb087ed93d189235a6531d416a88c86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord666
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ