kutaki | a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845[.]exe | Triage

Sharing

General

Target

a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845.exe
Size

2.4MB
MD5

fe87505c13a6a986885193cb177d4607
SHA1

8d11c69147d8fce75c714d0f7de6a26415facda0
SHA256

a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845
SHA512

246854ff69ac1d6c6a734f8243c6a9b20ffd00265a00f5c1230db7ba2e73580af920fe8e8a0402c34da658bc8967b557a9be853bde9c4c1319e9c1a420a2a6fb
SSDEEP

49152:hlkWk5cS7a+9XYaQHZehc4mTYJ78V9gyBn4cbfmP/SA8N:3ajJ4Z942KQV9hp4UfmP/SA8

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845.exe

Files

a7f37926eb21924303d17007e8dd4d87c0bb428d1663a86d24d1ca38442ef845.exe
.exe windows x86

d24edab77279df23707d626d3ad31888

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord588
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord535
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ