kutaki | 4261b42e1eaffa7607790a3a5d4ea192 | Triage

Sharing

General

Target

4261b42e1eaffa7607790a3a5d4ea192
Size

2.1MB
MD5

4261b42e1eaffa7607790a3a5d4ea192
SHA1

df3806181de61412307a8aea4804614628740915
SHA256

36a28f5eebc2c87b065ba1ff1ded73b25a4f8e0f55aaff21179baac6cd15c4d8
SHA512

6319d71b281d0a9239d3081ef0b83a3e18c82256077d723d63e86ed25fceedb441b6fab5d0c50afc88811be594eeaaaf8f399294f7d0796be50268745b1464a2
SSDEEP

49152:XBK9TdOrpTVKf1nGKqioecfcrrfWEWNenw7XVmb/Cq8FQ:RK9T46GxVJfU7WE0bLVmb/Cq8a

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/LICK_Credit_Return.cmd

Files

4261b42e1eaffa7607790a3a5d4ea192
.zip
LICK_Credit_Return.cmd
.exe windows x86

07150799418c32b58e99ce2d1eaf536e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord660
ord667
ord591
ord593
ord300
ord594
ord595
ord596
ord304
ord598
ord306
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
ord310
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ