General
-
Target
1400621884.exe
-
Size
87KB
-
Sample
220522-1cf4qaedcm
-
MD5
cab62deb76880ed5c49abfefa6f7862c
-
SHA1
c8b358844131c983dd96b1ca74ea1b8d5d34c6a8
-
SHA256
45fff4489cc037313de8edf3589515197c184579658921fb06eb6fd4e860253e
-
SHA512
57c4ef898513b8c9c4e14e053e3d2beac2feb0f676e77577a20bbbde4c921cf830e9a803fd001a43b5441c1edff5a94e3b00837279286f613da3d9402f07ee06
Malware Config
Extracted
colibri
1.2.0
Build1
http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
-
-
Target
1400621884.exe
-
Size
87KB
-
MD5
cab62deb76880ed5c49abfefa6f7862c
-
SHA1
c8b358844131c983dd96b1ca74ea1b8d5d34c6a8
-
SHA256
45fff4489cc037313de8edf3589515197c184579658921fb06eb6fd4e860253e
-
SHA512
57c4ef898513b8c9c4e14e053e3d2beac2feb0f676e77577a20bbbde4c921cf830e9a803fd001a43b5441c1edff5a94e3b00837279286f613da3d9402f07ee06
Score10/10-
Colibri Loader
A loader sold as MaaS first seen in August 2021.
-
suricata: ET MALWARE Generic gate .php GET with minimal headers
suricata: ET MALWARE Generic gate .php GET with minimal headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
suricata: ET MALWARE Win32/Colibri Loader Activity
suricata: ET MALWARE Win32/Colibri Loader Activity
-
suricata: ET MALWARE Win32/Colibri Loader Activity M2
suricata: ET MALWARE Win32/Colibri Loader Activity M2
-
suricata: ET MALWARE Win32/Colibri Loader Activity M3
suricata: ET MALWARE Win32/Colibri Loader Activity M3
-
Executes dropped EXE
-
Loads dropped DLL
-