Resubmissions
25-05-2023 04:47
230525-fekjpsgb23 10
Behavioral task
behavioral1
Sample
Invoice_2505.exe
Resource
win10v2004-20230220-en
General
- Target: Invoice_2505.zip
- Size: 2.1MB
- MD5: 8200263e849df772d48b36b1b49cbc70
- SHA1: bcc10008f78b83d9d698b0abe678952a334e629f
- SHA256: b925013a9be16ff7d92304e0a913d625401edd0876a1ea76b5e5fb974f436d8d
- SHA512: fa439045595bb6ef3c1f492cdddde67bf0c7e590cdfa7ef76903bd96f0124535bb9ae8d2f75d4f232598916c60d8047cf0c29b8b61d16f3cdfc5ad5f6d5f8bd5
- SSDEEP: 49152:H8WC76tB8ZeF430cJ8cAdhh/0JoNFZ+wAaelyfxmD/2+CND:cWUHeF431xAdhRjHZQaOyfxmD/2+Cl
Malware Config
Extracted
kutaki
http://treysbeatend.com/laptop/squared.php
http://terebinnahicc.club/sec/kool.txt
Signatures
- Kutaki family
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource unpack001/Invoice_2505.cmd
Files
- Invoice_2505.zip (zip)
- Invoice_2505.cmd (exe, windows x86), MD5 32a181e532546578302bd34608f15d22
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60: EVENT_SINK_GetIDsOfNames, ord690, ord588, ord696, ord698, MethCallEngine, EVENT_SINK_Invoke, ord516, ord518, ord626, ord519, ord667, Zombie_GetTypeInfo, ord591, ord593, ord300, ord594, ord595, ord596, ord598, ord599, ord306, ord520, ord709, ord631, ord632, ord525, ord526, EVENT_SINK_AddRef, ord528, ord529, DllFunctionCall, ord563, ord670, ord564, Zombie_GetTypeInfoCount, EVENT_SINK_Release, ord600, ord601, EVENT_SINK_QueryInterface, __vbaExceptHandler, ord711, ord712, ord713, ord714, ord607, ord608, ord716, ord717, ProcCallEngine, ord644, ord537, ord645, ord648, ord570, ord573, ord681, ord576, ord685, ord100, ord689, ord612, ord616, ord617, ord618, ord619, ord581
Sections
- .text  Size: 2.2MB - Virtual size: 2.2MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .data  Size: - Virtual size: 25KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 264KB - Virtual size: 261KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ