kutaki | Inv No 46281[.]zip | Triage

Sharing

General

Target

Inv No 46281.zip
Size

2.2MB
MD5

1d966f996dcd93c1a98c9b3c4142c246
SHA1

4d443c9a609d3a7b7842dee42d36b939c3137a59
SHA256

9dab6775890cec31194c3c7d2e0b2e6454806d2f9e5762f501e0cd1c1da8cafa
SHA512

bb2cb6a0d95960bbc33d4c7ce8c32f71575b9e63e54bdd8831f84f8423fe0db02b9c2188b6d40155815d4bb58414eeeccd59e2304d7688ecdfc40c3dc5535f1e
SSDEEP

49152:shlTifGPIyObvUM17hGrax76H9ML1n7126pgULSh7Bw638TqxgETmB/c283QCPQ:sHGuyg2weR6mLN715LSV2yEqxTmB/c2b

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Inv No 46281.bat

Files

Inv No 46281.zip
.zip
Inv No 46281.bat
.exe windows:4 windows x86

71d1d5bcde51f744bf97b431d90e3bd7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ