kutaki | INCOMETAX_RECEIPT[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

INCOMETAX_RECEIPT.zip
Size

376KB
MD5

82e8daaa3d4ef8cc740b5d4b20635c85
SHA1

4fcb123623941616393289770e12b5b266954dbf
SHA256

ca9e09ef8a9e3bee47dfccd022370f707634e5733a29a105368a93b99e72de51
SHA512

7cfefcdb8b948d12c5bf10e6ad0d468d2c16a93f133fea4fb9a1578c108354d7089df538a3bfab1e2aa84dcfa20ffea9816f45be511484ca56c33baafecebf9d
SSDEEP

6144:60RAMxTQVRZ4UqpU0NQW6GlA9jmPv/VCSY3hw9lMbkau1QsS0y+lqiHToPWry1Do:kMxTQVfMU0m/6A9jmn/uhufysS08CkPk

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://newloshree.xyz/work/son.php

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
static1/unpack001/INCOMETAX_RECEIPT.exe	family_kutaki

Kutaki family
kutaki

Files

INCOMETAX_RECEIPT.zip
.zip
INCOMETAX_RECEIPT.exe
.exe windows x86

05d171530336ea3c8a442c90e4c69234

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord666
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord314
ord713
ord315
ord714
ord607
ord316
ord608
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ