kutaki | Credit_Note[.]zip | Triage

Sharing

General

Target

Credit_Note.zip
Size

2.1MB
MD5

7ffcde202dc3ed65213625d7710c1203
SHA1

ad16dae6061fbae2cf7fc3bedea45244ad4cc006
SHA256

d20cc2f82d1d63527d0cf1a7bace68902642a9674de5980342ceb56fc26aa4bf
SHA512

7dcdc8dad63133df99e6842b541da6a6db3f51e6ec8f666d6668a3f8384e44ffbcc83392bbdab8ab71ce11bf2d8a317d795340ec2e8bef15cf7215663ec9a72c
SSDEEP

49152:9j2q4r3NkshanpsACDq6VTavdkDFBxPfjS5Quv3mb/ua0NZE:9r4r3NN07CDEvd+VHkQu3mb/ua0M

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Credit_Note.bat

Files

Credit_Note.zip
.zip
Credit_Note.bat
.exe windows x86

4aff65f1dfa889303b6903d1acf10217

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord553
ord660
ord667
ord591
ord593
ord300
ord594
ord301
ord595
ord302
ord596
ord303
ord304
ord598
ord305
ord306
ord520
ord307
ord308
ord309
ord524
ord709
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
ord569
EVENT_SINK_Release
ord600
ord601
ord310
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
ord711
ord313
ord712
ord314
ord713
ord315
ord714
ord607
ord316
ord608
ord317
ord716
ord318
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord578
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord542
ord543
ord544
ord545
ord547
ord581

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ