Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

23/05/2022, 16:11

220523-tnabzsefc2 10

23/05/2022, 07:02

220523-ht7c5afdcp 1

12/01/2022, 21:53

220112-1rtclaebfj 1

06/12/2021, 22:05

211206-1zfrgafcbp 1

17/11/2021, 23:36

211117-3lkvdaech7 1

Analysis

  • max time kernel
    91s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    23/05/2022, 16:11

General

  • Target

    Google.jpeg.exe

  • Size

    275KB

  • MD5

    74c4f24e9c025d55c4dd8aca8b91fce3

  • SHA1

    173d755e944666390540d6cb3d299567044de7d2

  • SHA256

    030340b93655a258d69c01e334877bb36a49a5fafd23927216020b99a3e3c738

  • SHA512

    3f6f9c4d6cee80366bf8660d2b2d4f0577d1ba378d3164070544bfb67530e83ad3a64165e8ad83ea18b9d07898cf80cae72b0b0654df76cf7ff769c8711dce06

Malware Config

Extracted

Family

colibri

Version

1.2.0

Botnet

traffic_doc

C2

http://188.130.139.47/gate.php

Signatures

  • Colibri Loader

    A loader sold as MaaS first seen in August 2021.

  • suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

  • suricata: ET MALWARE Generic gate .php GET with minimal headers

    suricata: ET MALWARE Generic gate .php GET with minimal headers

  • suricata: ET MALWARE Win32/Colibri Loader Activity

    suricata: ET MALWARE Win32/Colibri Loader Activity

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Google.jpeg.exe
    "C:\Users\Admin\AppData\Local\Temp\Google.jpeg.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4100-130-0x0000000000400000-0x000000000048C000-memory.dmp

    Filesize

    560KB