kutaki | GETTING UP[.]zip | Triage

Resubmissions

14-08-2023 09:10

230814-k42lqsba53 10

10-07-2023 04:45

230710-fdwwcagg23 10

Sharing

General

Target

GETTING UP.zip
Size

2.1MB
MD5

6cac1435c08e380a10e3dae5f9d7655f
SHA1

e88b5d7e076aed33d9f32257335b64694a7e84be
SHA256

976a7fefb48c81afeaf9255f02201d65a353035b9bed7c8667de7df8b44b1421
SHA512

577ae318875e63d85f0e3d7e97337a5c32438754cd1dacf68dbe3df0ae0bacd3b35be31e4a56c99014656a5bc40e67c54efddfb3410190339fe445800f129def
SSDEEP

49152:smOkBN7cOL80efs2t6SbQHd5U0nzbOEkTV+E91RrjKDOnSULhqJmR/IK8RN:s3k3QC85sm9GzbOEu3XqDOnSULAJmR/y

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/GETTING UP.cmd

Files

GETTING UP.zip
.zip
GETTING UP.zip
.zip
GETTING UP.cmd
.exe windows x86

0b5c1fbaf1e71179da82352902e00080

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord696
ord698
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord667
Zombie_GetTypeInfo
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord650
ord546
ord581

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ