kutaki | 94729e2f3839b40af5d038286ca722c4 | Triage

Sharing

General

Target

94729e2f3839b40af5d038286ca722c4
Size

2.1MB
MD5

94729e2f3839b40af5d038286ca722c4
SHA1

84537f8c2167e995b8446d8c735611e38fae7996
SHA256

c73d7b6c2df6f9004307cf888b4c636c07dc3accb0eef34f5b0827fcc715bf42
SHA512

316c5340730ecd142e5f371f487041ddddac428450dd243075ec319bedc6c724a41586cbcf443078aba2077b88193a5dfb89f54708ac7c0805ea6dba1ba9e45b
SSDEEP

49152:oF5TGnufHW/N4ZyuzlJat08U1p/DwIDWKjZ50qvmF/c+kNk:oLTGn1KyIW41p/DtDWKhvmF/c+kq

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/E-FILLING FORM B.bat

Files

94729e2f3839b40af5d038286ca722c4
.zip
E-FILLING FORM B.zip
.zip
E-FILLING FORM B.bat
.exe windows:4 windows x86

67a5ce7c8e5c25b362b22ebccab00cb1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord713
ord714
ord607
ord608
ord716
ord717
ord534
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord650
ord652
ord581

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ