Behavioral task
behavioral1
Sample
NEFT_Debit.exe
Resource
win10v2004-20231023-en
General
-
Target
NEFT_Debit.zip
-
Size
2.3MB
-
MD5
58bcf6d5459be104623e329ff6695051
-
SHA1
9bc375405d89fda775c2056feb6ed9987f6f94b4
-
SHA256
f8f7c10e124f7fb88e445fb8c395190e06149dea3d68ebe38572efc21d60c428
-
SHA512
6e5e45abda94aaf300f831caaf66b1a4967d6efbb4b006f04ed00c24b66f34a7492e62c8c7edfe7ff30fe6fc6dd437de29d800c2c2d8bb327f9377866e834b43
-
SSDEEP
49152:0kIzri/YsXTL1NnU0CC+xq+nm5Mnrcq082uqCjmx/uO8v0Nmf/W4aNJ:05zrHQf/ntP+oMrR08iCjmx/uO8MNmfW
Malware Config
Extracted
kutaki
http://treysbeatend.com/laptop/squared.php
http://terebinnahicc.club/sec/kool.txt
Signatures
-
Kutaki family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/NEFT_Debit.bat
Files
-
NEFT_Debit.zip.zip
-
NEFT_Debit.bat.exe windows:4 windows x86
89ba1b4fd8947eb7ace15da73bf88226
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord662
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
ord674
ord675
ord676
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord612
ord616
ord617
ord618
ord619
ord650
ord581
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 264KB - Virtual size: 262KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ