kutaki | 9693fd176c8734b1928a56cb9771a0c8 | Triage

Sharing

General

Target

9693fd176c8734b1928a56cb9771a0c8
Size

376KB
MD5

9693fd176c8734b1928a56cb9771a0c8
SHA1

35d2579e6a03c2e769b17f1aa8ce934f91fd5e13
SHA256

381ec80e02dba4fe1877e427522ea92a94b29b7f45bddd11c1f2ef9724dd6d2e
SHA512

cb68ab4fb44c52763294fbe010ae6383d1feafa0ea67c663c333f36b5ddac7374b2a787fe7f6b331893c40e94c060782a6d2a65acadb5771c05defe103a6a847
SSDEEP

6144:7IaXScY1S4GlA9jmHv/VCSY3hw9lMbk6u1QMS0y+lqiHTonWryFDYRF:H46A9jmP/uhu/yMS08CkntxYRF

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://sdaskmda.club/papa/love.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki Executable 1 IoCs

Processes:

resource yara_rule

sample family_kutaki
Kutaki family
kutaki
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

9693fd176c8734b1928a56cb9771a0c8

Files

9693fd176c8734b1928a56cb9771a0c8
.exe windows:4 windows x86 arch:x86

c1ed328419f1f432cd13b4232051752d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord606
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord650
ord581

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ