kutaki | CONTRACT PAPER[.]cmd | Triage

Submit
Reports

Overview

overview

Static

static

CONTRACT PAPER.exe

windows7-x64

3

CONTRACT PAPER.exe

windows10-2004-x64

3

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

CONTRACT PAPER.exe

Resource

win7-20230220-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

CONTRACT PAPER.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

General

Target

CONTRACT PAPER.cmd
Size

2.3MB
MD5

7eb3534ce78a2b53a2d8536f1b4c733e
SHA1

f55af08ba5e762cbd3fd0d63b81ef370152e5d7b
SHA256

3e954b6126839364720363cbb12950a0b4bc91a0e473cfb59bc1a3b091f228d9
SHA512

056b06ae6f1c2068245cc45ebc4db81a5d2b13cbc9cb6642b725382989231d5432c4e2f065a49c6186db4979701ab5803a08d8139abcd61ef07b265d094133bc
SSDEEP

49152:nkWk5cS7a+9XYaQ/Zehc4mTYJ78V9gyBn4cXefmP/SA8N:fajJwZ942KQV9hp4DfmP/SA8

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki

Files

CONTRACT PAPER.cmd
.exe windows x86

0473279f57ac7892887f82f009eeea90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord588
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord660
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord546
ord581

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy