kutaki | 529324b39de6f6a2a6095479f4dc4fe1856809b2eb60924ea3ab9592bf655a1e | Triage

Sharing

General

Target

529324b39de6f6a2a6095479f4dc4fe1856809b2eb60924ea3ab9592bf655a1e
Size

1.5MB
MD5

cc38979b9c8c579fb5815af70c2452c9
SHA1

7ead666da9ae0a5f7fbfb8bbeade8ed80f79edb8
SHA256

529324b39de6f6a2a6095479f4dc4fe1856809b2eb60924ea3ab9592bf655a1e
SHA512

52be1d7d046f60ae0f5c59f9aba9a50bf121e50a8cdd00fb4bcfc64ff3e957373cc1d842912addcd85a0561b71570a549399746c046116c9c0556bd7438ea698
SSDEEP

24576:jPu2gz7ALuxDUdo3Z+UpZ1XRpdQNVc9z7n731+btMpmf/mpUS0gCkrFX:jPu2gzF4dooUrpdq+8Mpmf/Q4gNJ

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://ojorobia.club/laptop/laptop.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki Executable 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/HDFC_RTGS.exe	family_kutaki

Kutaki family
kutaki
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/HDFC_RTGS.exe

Files

529324b39de6f6a2a6095479f4dc4fe1856809b2eb60924ea3ab9592bf655a1e
.zip
HDFC_RTGS.exe
.exe windows:4 windows x86

ac5097715f1605225dcfeb400dde4dde

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord660
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord650
ord581

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ