General
-
Target
cunp.exe
-
Size
24KB
-
Sample
220203-rvqansade6
-
MD5
acaf8014dacc2e49d5180b1574dba7af
-
SHA1
be6ca826d012944c664918e8981c063f5a1c968a
-
SHA256
1b2eaff481b083525a42635e86bbeb6ca0e7c1c9c3d880ba29754b9a2277b962
-
SHA512
bd090fda0733743ad8c28cd8ee13b33cf69723ad5fa1e08c89636a6733afdabcb732fdf784bdcca5f15485293beb654b34a91beff54d7047befbcca25f0036f2
Malware Config
Extracted
colibri
1.2.0
traffic_doc
http://188.130.139.47/gate.php
Targets
-
-
Target
cunp.exe
-
Size
24KB
-
MD5
acaf8014dacc2e49d5180b1574dba7af
-
SHA1
be6ca826d012944c664918e8981c063f5a1c968a
-
SHA256
1b2eaff481b083525a42635e86bbeb6ca0e7c1c9c3d880ba29754b9a2277b962
-
SHA512
bd090fda0733743ad8c28cd8ee13b33cf69723ad5fa1e08c89636a6733afdabcb732fdf784bdcca5f15485293beb654b34a91beff54d7047befbcca25f0036f2
Score10/10-
Colibri Loader
A loader sold as MaaS first seen in August 2021.
-
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
-
suricata: ET MALWARE Generic gate .php GET with minimal headers
suricata: ET MALWARE Generic gate .php GET with minimal headers
-
suricata: ET MALWARE Win32/Colibri Loader Activity
suricata: ET MALWARE Win32/Colibri Loader Activity
-
Sets service image path in registry
-