Resubmissions

23-05-2022 16:11

220523-tnabzsefc2 10

23-05-2022 07:02

220523-ht7c5afdcp 1

12-01-2022 21:53

220112-1rtclaebfj 1

06-12-2021 22:05

211206-1zfrgafcbp 1

17-11-2021 23:36

211117-3lkvdaech7 1

General

  • Target

    Google.jpeg.exe

  • Size

    275KB

  • Sample

    220523-tnabzsefc2

  • MD5

    74c4f24e9c025d55c4dd8aca8b91fce3

  • SHA1

    173d755e944666390540d6cb3d299567044de7d2

  • SHA256

    030340b93655a258d69c01e334877bb36a49a5fafd23927216020b99a3e3c738

  • SHA512

    3f6f9c4d6cee80366bf8660d2b2d4f0577d1ba378d3164070544bfb67530e83ad3a64165e8ad83ea18b9d07898cf80cae72b0b0654df76cf7ff769c8711dce06

Malware Config

Extracted

Family

colibri

Version

1.2.0

Botnet

traffic_doc

C2

http://188.130.139.47/gate.php

Targets

    • Colibri Loader

      A loader sold as MaaS first seen in August 2021.

    • suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    • suricata: ET MALWARE Generic gate .php GET with minimal headers

    • suricata: ET MALWARE Win32/Colibri Loader Activity
