kutaki | 4151bfdd1db1f0f693ee701d8d0f329d49992b2169ac251089335296cb3b4c96 | Triage

Sharing

General

Target

4151bfdd1db1f0f693ee701d8d0f329d49992b2169ac251089335296cb3b4c96
Size

4.5MB
MD5

09217841988e0cdb9c6a62c2ce8042cb
SHA1

e6ff53302c09b0ffe4b9c3115d9fe924b485a13a
SHA256

4151bfdd1db1f0f693ee701d8d0f329d49992b2169ac251089335296cb3b4c96
SHA512

e5cb5aa8d311ab15649c72c0ec648e6ba7579db5a6ab7364cf28d100508606654cab542ef23c803504e0322388e4ef2cff8c146aad2b30a2df667c122df8305e
SSDEEP

49152:HITFwuUfkWk5cS7a+9XYaQkZehc4mTYJ78V9gyBn4cBfmP/SA8N:oTwXajJ3Z942KQV9hp4QfmP/SA8

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4151bfdd1db1f0f693ee701d8d0f329d49992b2169ac251089335296cb3b4c96

Files

4151bfdd1db1f0f693ee701d8d0f329d49992b2169ac251089335296cb3b4c96
.exe windows x86

cad98863dfa1fc2a54a1b34966e0ec1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord300
ord594
ord595
ord596
ord598
ord306
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord317
ord716
ord318
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ