colibri | 1b2eaff481b083525a42635e86bbeb6ca0e7c1c9c3d880ba29754b9a2277b962 | Triage

Submit
Reports

Overview

overview

Static

static

cunp.exe

windows7_x64

cunp.exe

windows10-2004_x64

Analysis

max time kernel
134s
max time network
149s
platform
windows7_x64
resource
win7-en-20211208
submitted
03-02-2022 14:31

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

cunp.exe

Resource

win7-en-20211208

colibri traffic_doc loader suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cunp.exe

Resource

win10v2004-en-20220112

colibri traffic_doc loader persistence suricata

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

cunp.exe
Size

24KB
MD5

acaf8014dacc2e49d5180b1574dba7af
SHA1

be6ca826d012944c664918e8981c063f5a1c968a
SHA256

1b2eaff481b083525a42635e86bbeb6ca0e7c1c9c3d880ba29754b9a2277b962
SHA512

bd090fda0733743ad8c28cd8ee13b33cf69723ad5fa1e08c89636a6733afdabcb732fdf784bdcca5f15485293beb654b34a91beff54d7047befbcca25f0036f2

Score

10^/10

colibri traffic_doc loader suricata

Malware Config

Extracted

Family

colibri

Version

1.2.0

Botnet

traffic_doc

C2

http://188.130.139.47/gate.php

Signatures

Colibri Loader
A loader sold as MaaS first seen in August 2021.
loader colibri
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
suricata
suricata: ET MALWARE Generic gate .php GET with minimal headers
suricata: ET MALWARE Generic gate .php GET with minimal headers
suricata
suricata: ET MALWARE Win32/Colibri Loader Activity
suricata: ET MALWARE Win32/Colibri Loader Activity
suricata

Processes

C:\Users\Admin\AppData\Local\Temp\cunp.exe
"C:\Users\Admin\AppData\Local\Temp\cunp.exe"
1⤵
PID:1128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1128-54-0x0000000075761000-0x0000000075763000-memory.dmp

Filesize
8KB

Download
memory/1128-55-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download

© 2018-2025

Terms | Privacy