kutaki | Receipt[.]zip | Triage

Sharing

General

Target

Receipt.zip
Size

2.1MB
MD5

55d4862f67fedf1b6ea943ebebb4f2e7
SHA1

75726fa52440068744514027f8660fba668d1785
SHA256

4efac9d701417e16e933738583b01d08690821a197dfd7d3b62dc20f91e97208
SHA512

42f9eb8ca8287e5d16aca396a09d3ead9234868f908d9efdede69b1352173c6cdcc6efe8ef55719ce2edbf391b2b66666375c79ea09b95fb21dfb37934f0c8f0
SSDEEP

49152:y5ANa2To/Gnahg0B3aYko0Vvy8y27M1fu/qX/mU8Vxqr:yGv/a20Fvko05yw7iu/qX/mU8yr

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
static1/unpack002/Receipt.exe	family_kutaki

Kutaki family
kutaki

Files

Receipt.zip
.zip
Receipt.zip
.zip
Receipt.exe
.exe windows x86

a18fdeadda6443382c94876132ef9ada

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord300
ord594
ord595
ord596
ord303
ord598
ord599
ord306
ord520
ord309
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord650
ord581

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ