Overview

overview

10

Static

static

cunp.exe

windows7_x64

10

cunp.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    134s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    03-02-2022 14:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cunp.exe

  • Size

    24KB

  • MD5

    acaf8014dacc2e49d5180b1574dba7af

  • SHA1

    be6ca826d012944c664918e8981c063f5a1c968a

  • SHA256

    1b2eaff481b083525a42635e86bbeb6ca0e7c1c9c3d880ba29754b9a2277b962

  • SHA512

    bd090fda0733743ad8c28cd8ee13b33cf69723ad5fa1e08c89636a6733afdabcb732fdf784bdcca5f15485293beb654b34a91beff54d7047befbcca25f0036f2

Score
10/10
colibritraffic_docloadersuricata

Malware Config

Extracted

Family

colibri

Version

1.2.0

Botnet

traffic_doc

C2

http://188.130.139.47/gate.php

Signatures

  • Colibri Loader

    A loader sold as MaaS first seen in August 2021.

    loadercolibri
  • suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    suricata
  • suricata: ET MALWARE Generic gate .php GET with minimal headers

    suricata: ET MALWARE Generic gate .php GET with minimal headers

    suricata
  • suricata: ET MALWARE Win32/Colibri Loader Activity

    suricata: ET MALWARE Win32/Colibri Loader Activity

    suricata

Processes

  • C:\Users\Admin\AppData\Local\Temp\cunp.exe
    "C:\Users\Admin\AppData\Local\Temp\cunp.exe"
    1⤵
      PID:1128

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1128-54-0x0000000075761000-0x0000000075763000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1128-55-0x0000000000400000-0x0000000000407000-memory.dmp
      Filesize

      28KB

      Download