kutaki | 60c691128b1bc40562404da05718b3e7[.]zip | Triage

Sharing

General

Target

60c691128b1bc40562404da05718b3e7.zip
Size

297KB
MD5

60c691128b1bc40562404da05718b3e7
SHA1

69fdd51612e945229d828b7408adfaaa6830a9e7
SHA256

0392b3c77ea02a9d0ab0a5802b0a8880989a1afd0a74cdbfe6bf540c92cfda1f
SHA512

e51bdb4dad6a8530d4e8e687037a8c44018850ee7d7f260d6f97b12b080d38a686c37007e85fe033f39ffa98dc9421a1b5f2a3a25e03ffc3ef7f9825109b5125
SSDEEP

6144:m7BZKv5J94Es+CSdw0MvzojSa7pC2smdl0TJuUn9D0ngfHCpggJhCje:md0i4dSv0jppCcaf9Zqpjue

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://newbosslink.xyz/baba/new4.php

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
static1/unpack001/JTF.exe	family_kutaki

Kutaki family
kutaki

Files

60c691128b1bc40562404da05718b3e7.zip
.zip
JTF.exe
.exe windows x86

a33ba303a37edb6054cbc630a168ae34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord519
ord626
ord666
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ