kutaki | CREDDIT[.]zip | Triage

Sharing

General

Target

CREDDIT.zip
Size

508KB
MD5

89e501b000a3b89e7cfdebc994825d11
SHA1

021d0a57ae448e227848120799bb7b18f498623d
SHA256

6ddce243cb75890ad12f49aea852567b778d4f6708d2446b16cbc8c2e41dcfac
SHA512

cedb36fe7029904fb38d29505cfcc7317a08c149dee4abebad5d955f9494306a92134a98aa942099920ca45483e5eb22bd5d373574430e4efe695417336f201e
SSDEEP

12288:5xBtzaS3WddhMA54HJ48A9lmb/wLu5IYS0GCkHZBYRL:5x65dRmCHmb/eBYS0GCkHTY

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/CREDIT.cmd

Files

CREDDIT.zip
.zip
CREDIT.zip
.zip
CREDIT.cmd
.exe windows x86

45e2345d160929b79e76a3d9d5e968dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord517
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord599
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord571
ord573
ord681
ord576
ord685
ord100
ord689
ord612
ord616
ord617
ord618
ord619
ord652
ord581

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ