Resubmissions
23-05-2022 16:11
220523-tnabzsefc2 1023-05-2022 07:02
220523-ht7c5afdcp 112-01-2022 21:53
220112-1rtclaebfj 106-12-2021 22:05
211206-1zfrgafcbp 117-11-2021 23:36
211117-3lkvdaech7 1Analysis
-
max time kernel
91s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
23-05-2022 16:11
General
-
Target
Google.jpeg.exe
-
Size
275KB
-
MD5
74c4f24e9c025d55c4dd8aca8b91fce3
-
SHA1
173d755e944666390540d6cb3d299567044de7d2
-
SHA256
030340b93655a258d69c01e334877bb36a49a5fafd23927216020b99a3e3c738
-
SHA512
3f6f9c4d6cee80366bf8660d2b2d4f0577d1ba378d3164070544bfb67530e83ad3a64165e8ad83ea18b9d07898cf80cae72b0b0654df76cf7ff769c8711dce06
Score
10/10
Malware Config
Extracted
Family
colibri
Version
1.2.0
Botnet
traffic_doc
C2
http://188.130.139.47/gate.php
Signatures
-
Colibri Loader
A loader sold as MaaS first seen in August 2021.
-
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
-
suricata: ET MALWARE Generic gate .php GET with minimal headers
suricata: ET MALWARE Generic gate .php GET with minimal headers
-
suricata: ET MALWARE Win32/Colibri Loader Activity
suricata: ET MALWARE Win32/Colibri Loader Activity
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Google.jpeg.exe"C:\Users\Admin\AppData\Local\Temp\Google.jpeg.exe"1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4100-130-0x0000000000400000-0x000000000048C000-memory.dmpFilesize
560KB