kutaki | 4710472a59fc98d7368b3aa1b719f024[.]bin | Triage

Sharing

General

Target

4710472a59fc98d7368b3aa1b719f024.bin
Size

366KB
MD5

7c82d3450166ffdb23c2eaf9085db1e9
SHA1

6eb52dba9c2adc88d2dd4102fe9684c6e00b79ef
SHA256

4820ced0184d3e1c5752a5a3b19a0ef0faef6d9104715e113ac531fa425f13e9
SHA512

6d35e783e9981250373bc0d7281af40628125f75ffb0ca61cf1d21444acda44c227b7ec956436e6f59a7e96677348260aefee8dd4c4474906735cb00bfb0baec
SSDEEP

6144:6agcbfNaftUPqpCSPXM65xi3GNxolBHZ3Pw0vh8SN0q6wVSWOxHcreCXgpP:THVAUPqp/MV2NxSH5mxq6wVM8r7wl

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://newbosslink.xyz/baba/new4.php

Signatures

Kutaki Executable 1 IoCs

resource	yara_rule
static1/unpack001/2c72daa02805c43f5a35ebca409ad1ddcad3c4b244a9a0579d529b722fea9e6a.exe	family_kutaki

Kutaki family
kutaki

Files

4710472a59fc98d7368b3aa1b719f024.bin
.zip

Password: infected
2c72daa02805c43f5a35ebca409ad1ddcad3c4b244a9a0579d529b722fea9e6a.exe
.exe windows x86

Password: infected

9d1a8964466dde6dc9f777a1e4489421

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord660
ord666
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord610
ord612
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ