kutaki | Payment_Copy[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

Payment_Copy.exe

windows7-x64

Payment_Copy.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Payment_Copy.exe

Resource

win7-20230220-en

kutaki keylogger stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment_Copy.exe

Resource

win10v2004-20230220-en

kutaki keylogger stealer

windows10-2004-x64

6 signatures

150 seconds

General

Target

Payment_Copy.zip
Size

2.1MB
MD5

5d686d1aa4048911d04e368c30a43c0d
SHA1

b7240ee3eba17d7575dfe2b9721c55ec2484ac38
SHA256

24171c6024628fe1d18a50883ebc19dd86c42eb45aca2b402bd91dc5802c29e9
SHA512

a5db7387318cdddbf583a68ec0ef493e7e19f187f4446a6b5fecd124577b219f2c07f61d6f06f6838647581d843e1ae2755cae05dcd320b390cbf768a5ce0eeb
SSDEEP

49152:DiLTPeVjFOwHxP1PC/jbtO0oMguZgTY4rRKXNZ4lmt/aY8h5:DiHgxxo/ftoMg+gcKKXNZ4lmt/aY8L

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki

Files

Payment_Copy.zip
.zip
Payment_Copy.zip
.zip
Payment_Copy.exe
.exe windows x86

d24edab77279df23707d626d3ad31888

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord588
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord535
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy