kutaki | c8dde67c39a7356c76a22ec4a5747bba24a7887cdc2c55b67bcd3787bdf088ef | Triage

Sharing

General

Target

c8dde67c39a7356c76a22ec4a5747bba24a7887cdc2c55b67bcd3787bdf088ef
Size

1.6MB
MD5

69c60c7e1b8ba1f1a4c687c4bb476e96
SHA1

66e8488b0b660c3ae6c2e955fd5ccf48d33b1088
SHA256

c8dde67c39a7356c76a22ec4a5747bba24a7887cdc2c55b67bcd3787bdf088ef
SHA512

ac059c24bc2fb8d4ce49346dceae0b191c38dba32dd5b6b8b6e3821bf74fbf8cd97d4873434e14feac266a8616050710e3f64d546b1ad27c05b5e938d6becf6b
SSDEEP

24576:OkWYldr5HE+wS7aPK3v9oE3IfFAnQDafmP/UDMS08Ckn3:OkWk5cS7a+9XYaQmfmP/SA8N

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://ojorobia.club/laptop/laptop.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
sample	family_kutaki

Kutaki family
kutaki

Files

c8dde67c39a7356c76a22ec4a5747bba24a7887cdc2c55b67bcd3787bdf088ef
.exe windows x86

02abbd261c1368f9c3db1adfc4fea765

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord709
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ