kutaki | Invoice No 3031[.]zip

General

Target

Invoice No 3031.zip
Size

610KB
MD5

a2085e75897e90b690272839e0780a2d
SHA1

f70f7dc4f0c41b30845a259eeeb88dc5a885566c
SHA256

7be7c55b508491fc120da9f6e3390bd35f97c234088a1d512bc0209fe700cff2
SHA512

7ba742697f1696a88d27e5870a0821817b35c5d35f2c4ae44d543753f07b51ae99673e39a60e901adb274ddcc7af119c60277f0676914d11c6c40cb3fd0c40e9
SSDEEP

12288:3n04QA9/mR/U7uLgkS0sCkt/FYRWXgIG9ABWt6EKegZfi9oAr:3tmR/+DkS0sCktN2feBpEKeSi1r

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki

Files

Invoice No 3031.zip
.zip

Password: infected
Invoice No 3031.cmd
.exe windows x86

Password: infected

e715f3c5058fd2de28211e01a1b3ec74

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Invoice No 3031.zip
.zip

Password: infected
Invoice No 3031.cmd
.exe windows x86

Password: infected

e715f3c5058fd2de28211e01a1b3ec74

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

e715f3c5058fd2de28211e01a1b3ec74

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 124KB - Virtual size: 121KB

.data Size: - Virtual size: 18KB

.rsrc Size: 264KB - Virtual size: 261KB

Password: infected

Password: infected

e715f3c5058fd2de28211e01a1b3ec74

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 124KB - Virtual size: 121KB

.data Size: - Virtual size: 18KB

.rsrc Size: 264KB - Virtual size: 261KB

.text
Size: 124KB - Virtual size: 121KB

.data
Size: - Virtual size: 18KB

.rsrc
Size: 264KB - Virtual size: 261KB

.text
Size: 124KB - Virtual size: 121KB

.data
Size: - Virtual size: 18KB

.rsrc
Size: 264KB - Virtual size: 261KB