kutaki | RTGS_Note[.]cmd[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RTGS_Note.cmd.exe
Size

2.3MB
MD5

5cee36976a9c52e070139bd9d1ae49c0
SHA1

73aebca1dd942abcefb89747a995ded655910b66
SHA256

4462a3f62272eb2165d6068b534c4f0677bddb7cd97aac84406af725845711dd
SHA512

00a62e1e747f84c12a88b6dc748b7ee02024cd8bd8b08889010b3a10668529cc8a0c44ed01eba3a27850067cbeadc8b1ae046fff0ac3bf7a9e7d65bc009e63b5
SSDEEP

49152:ylkWk5cS7a+9XYaQhZehc4mTYJ78V9gyBn4cDfmP/SA8N:eajJaZ942KQV9hp4kfmP/SA8

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
sample	family_kutaki

Kutaki family
kutaki

Files

RTGS_Note.cmd.exe
.exe windows x86

d83deedae48034a6548e439d4224ca5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord606
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord571
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ