General
Target: 35cc13b7eb863c2affc3a0f4ace204049f587291607ee56eea46d306eebc6211.bin
Size: 447KB
Sample: 220524-ph3n5aabb6
MD5: e85af8c3447525f61e1f6c04e6bef2b4
SHA1: 18c53278eeff39b7cb8b491a9f83c8805d06f78e
SHA256: 35cc13b7eb863c2affc3a0f4ace204049f587291607ee56eea46d306eebc6211
SHA512: 7c380b2b49ff1d132976cb17fcfb45c21cef1c2bbc004d996e0bbd08316230e898e3112895a7c96d4a212a832dcd288cf1d54c120c8e7c6bacaff2872d3efdec
Static task: static1
Behavioral task: behavioral1
Sample: 35cc13b7eb863c2affc3a0f4ace204049f587291607ee56eea46d306eebc6211.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: colibri
Version: 1.2.0
Build: Build1
C2:
http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
Target: 35cc13b7eb863c2affc3a0f4ace204049f587291607ee56eea46d306eebc6211.bin
Size: 447KB
SHA256: 35cc13b7eb863c2affc3a0f4ace204049f587291607ee56eea46d306eebc6211
(MD5, SHA1 and SHA512 for this target are the same values listed under General.)
- suricata: ET MALWARE Generic gate .php GET with minimal headers
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
- suricata: ET MALWARE Win32/Colibri Loader Activity
- suricata: ET MALWARE Win32/Colibri Loader Activity M2
- suricata: ET MALWARE Win32/Colibri Loader Activity M3
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence that keeps the loader from running in certain countries.
- Loads dropped DLL
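As an added example (not part of this sandbox report and not the loader's or the Emerging Threats rules' actual content), the Python below approximates the traffic properties the gate.php signature names above describe and additionally matches the Host header against the two C2 domains extracted from the config. The header-count threshold for "minimal headers", the alert names, and the sample requests are assumptions constructed for the demonstration; the only values taken from the page are the two C2 hostnames.

```python
"""Heuristic checks modelled on the gate.php Suricata signature names in this report.

Added example; not the ET rules' real content. All sample requests are constructed.
"""
from typing import Dict, List, Tuple

# C2 hosts exactly as extracted from the Colibri config in this report.
COLIBRI_C2_HOSTS = {
    "zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc",
    "yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx",
}

# Assumption: "minimal headers" is approximated as at most this many header lines.
MINIMAL_HEADER_COUNT = 2


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.x request into (method, path, headers); header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return method, path, headers


def classify(raw: str) -> List[str]:
    """Return the list of heuristic alert names that fire for one request."""
    method, path, headers = parse_request(raw)
    alerts: List[str] = []
    is_gate = path.split("?", 1)[0].lower().endswith("/gate.php")

    if is_gate and method == "GET" and len(headers) <= MINIMAL_HEADER_COUNT:
        alerts.append("gate.php GET with minimal headers")
    if is_gate and method == "POST":
        if "accept" not in headers:
            alerts.append("POST to gate.php with no Accept header")
        if "referer" not in headers:
            alerts.append("POST to gate.php with no Referer header")

    # Config-derived indicator: checked independently of the path, so a beacon
    # to any other URI on a known C2 host is still reported.
    host = headers.get("host", "").split(":")[0].lower()
    if host in COLIBRI_C2_HOSTS:
        alerts.append("Host matches extracted Colibri C2")
    return alerts


# Constructed sample traffic (not captured from the sample).
SAMPLES = {
    "beacon_post": (
        "POST /gate.php HTTP/1.1\r\n"
        "Host: yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "Content-Length: 3\r\n\r\na=b"
    ),
    "minimal_get": (
        "GET /gate.php?id=1 HTTP/1.1\r\n"
        "Host: zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc\r\n\r\n"
    ),
    # A browser-style POST to the same path carries Accept and Referer and a
    # non-C2 host, so none of the heuristics fire.
    "browser_post": (
        "POST /gate.php HTTP/1.1\r\n"
        "Host: example.com\r\n"
        "User-Agent: Mozilla/5.0\r\n"
        "Accept: */*\r\n"
        "Referer: http://example.com/form\r\n"
        "Content-Length: 3\r\n\r\na=b"
    ),
    "c2_other_path": (
        "GET /index.html HTTP/1.1\r\n"
        "Host: zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc\r\n\r\n"
    ),
}


def scan(samples: Dict[str, str]) -> Dict[str, List[str]]:
    """Run classify() over a dict of named raw requests."""
    return {name: classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(f"{name}: {hits or 'no alerts'}")
```

The generic gate.php heuristics are deliberately loose (any gate.php traffic with sparse headers), which is why the extracted C2 hostnames are kept as a separate, higher-confidence indicator: the generic checks alone will also fire on legitimate scripts that happen to be named gate.php, as the browser_post sample shows when its headers are present.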