Overview

overview

10

Static

static

1400621884.exe

windows7_x64

10

1400621884.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1400621884.exe

  • Size

    87KB

  • Sample

    220522-1cf4qaedcm

  • MD5

    cab62deb76880ed5c49abfefa6f7862c

  • SHA1

    c8b358844131c983dd96b1ca74ea1b8d5d34c6a8

  • SHA256

    45fff4489cc037313de8edf3589515197c184579658921fb06eb6fd4e860253e

  • SHA512

    57c4ef898513b8c9c4e14e053e3d2beac2feb0f676e77577a20bbbde4c921cf830e9a803fd001a43b5441c1edff5a94e3b00837279286f613da3d9402f07ee06

Score
10/10
colibribuild1loadersuricata

Malware Config

Extracted

Family

colibri

Version

1.2.0

Botnet

Build1

C2

http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php

http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php

Targets

    • Target

      1400621884.exe

    • Size

      87KB

    • MD5

      cab62deb76880ed5c49abfefa6f7862c

    • SHA1

      c8b358844131c983dd96b1ca74ea1b8d5d34c6a8

    • SHA256

      45fff4489cc037313de8edf3589515197c184579658921fb06eb6fd4e860253e

    • SHA512

      57c4ef898513b8c9c4e14e053e3d2beac2feb0f676e77577a20bbbde4c921cf830e9a803fd001a43b5441c1edff5a94e3b00837279286f613da3d9402f07ee06

    Score
    10/10
    colibribuild1loadersuricata

    • Colibri Loader

      A loader sold as MaaS first seen in August 2021.

      loadercolibri

    • suricata: ET MALWARE Generic gate .php GET with minimal headers

      suricata: ET MALWARE Generic gate .php GET with minimal headers

      suricata

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata

    • suricata: ET MALWARE Win32/Colibri Loader Activity

      suricata: ET MALWARE Win32/Colibri Loader Activity

      suricata

    • suricata: ET MALWARE Win32/Colibri Loader Activity M2

      suricata: ET MALWARE Win32/Colibri Loader Activity M2

      suricata

    • suricata: ET MALWARE Win32/Colibri Loader Activity M3

      suricata: ET MALWARE Win32/Colibri Loader Activity M3

      suricata

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks