kutaki | a1809e923de6cae635be84aa94afa7b7 | Triage

Sharing

General

Target

a1809e923de6cae635be84aa94afa7b7
Size

2.1MB
MD5

a1809e923de6cae635be84aa94afa7b7
SHA1

5356d43b71caddec298f1c93625d72d57a95d9a5
SHA256

fffabbf5eb28e080d666156800c4d0a7ca5c986559fc5c3cc632155d12801fb4
SHA512

49534a75723741944adcb92db3f4b145cd306cb4c386b4884c47fbdd9ced6446706d73c9e691586077980514b9fd3c67a552b74b39d6ebb17709bb356256bb6c
SSDEEP

49152:Tz47kLqtm5DmVmEZseFnDuy3lf7mhmVC1OAXlEjwIUqoZ9m3/QG8Jz:TzZLHGZFKYl6MVYOAXlE8IFA9m3/QG8Z

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/INF_NEFT_Debit.bat

Files

a1809e923de6cae635be84aa94afa7b7
.zip
INF_NEFT_Debit.zip
.zip
INF_NEFT_Debit.bat
.exe windows:4 windows x86

561c18361eb724808a2d9ecd5f5cc217

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ