kutaki | Payment_Receipt[.]zip | Triage

Sharing

General

Target

Payment_Receipt.zip
Size

2.1MB
MD5

bf63fc45c319a29cfad91418a47e0936
SHA1

3a659779ecd57473b596b4a047a62fda9f2f672c
SHA256

77dfba9b6f16d20471d46be4faf4b0c7ce5be4b95e767d809ae5b71bfe6b57c7
SHA512

72fa66028808f4b6384491b5cdb2b46e574394ba57d5a38e2a77c03c8c26371a54af8f4f83944bfde191dd3d1b1cac0ee613f9c0bbbbc3b48b53598e8e93ef6f
SSDEEP

49152:Ipq/wcmd6Kwv92DbDAvDc7+uHH62MtHe0RgedBNmP/Q68rJ:Cq4DdDW9wPoe626+05dBNmP/Q681

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Payment_Receipt.cmd

Files

Payment_Receipt.zip
.zip
Payment_Receipt.cmd
.exe windows x86

6a676a89c508c41da1da9d43375708e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord592
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ