kutaki | Receipt[.]exe | Triage

Sharing

General

Target

Receipt.exe
Size

557KB
MD5

8aa46a680dee1077ddc3c3532f257f1c
SHA1

a0dd12b6d29540516de63419f7c9968e94c1adba
SHA256

42c326b155960ea90143b31d14c48bf081d6dc6bb74ce383cace3cdfe844a403
SHA512

5a4d528e7c7783aaaae84409190cdca68a2914edb040332aa65f8662288cd4e8aba1d5afde766f415717b90123c258e0aaf1cad6bc2b8af5994c6be404a8d223
SSDEEP

12288:TF5lcY4VALRvG46A9jmP/uhu/yMS08CkntxYRtL:xcOXfmP/UDMS08Ckn30

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://newbosslink.xyz/baba/new4.php

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
sample	family_kutaki

Kutaki family
kutaki

Files

Receipt.exe
.exe windows x86

5e028c949dcc1951092759fc4ad31b69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord519
ord626
ord666
ord667
ord591
ord593
ord300
ord594
ord595
ord596
ord598
ord599
ord306
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ