General
Target: ebd5e6832c0730fecf0e2aac1e13981601c5d089e75ad0833d95cc4b8dc04fae.zip
Size: 63KB
Sample: 220706-w5rnpsfghm
MD5: 2390732a45bc08a270c55e6c53fc9fe9
SHA1: 2859b3bc82f925cb2a668e89a614c2131d597008
SHA256: 7513d19dab3fc25a8276ec33132b9114856e01c67c90dbd0318c7aa6dc2b3561
SHA512: 8fe0b188cb95819cfcc7905e93a75a66da87d289ab0a19e28e1d98092b07a1618b7858d907f20eac84c116cb47c1765e7e48baf57ab4d91fbe02e27cc33ed65b

Static task: static1

Behavioral task: behavioral1
Sample: ebd5e6832c0730fecf0e2aac1e13981601c5d089e75ad0833d95cc4b8dc04fae.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: ebd5e6832c0730fecf0e2aac1e13981601c5d089e75ad0833d95cc4b8dc04fae.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: colibri
Version: 1.2.0
Build/botnet tag: Build1
C2:
http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
Target: ebd5e6832c0730fecf0e2aac1e13981601c5d089e75ad0833d95cc4b8dc04fae
Size: 124KB
MD5: 5a8bc676cf03b77f3d81a2907119d4d5
SHA1: 2114152d909c30d68af23c8526df2599c94d87cc
SHA256: ebd5e6832c0730fecf0e2aac1e13981601c5d089e75ad0833d95cc4b8dc04fae
SHA512: ee500b493c0062e69b2fa9d90ed0e5e64049aecddd37fdec19f36e6d5d8562dd6f5f2d5c32216061da640e09bf943a9f1c94777869dc7db260276becbed711db
Score: 10/10

Suricata alerts:
suricata: ET MALWARE Generic gate .php GET with minimal headers
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Win32/Colibri Loader Activity
suricata: ET MALWARE Win32/Colibri Loader Activity M2
suricata: ET MALWARE Win32/Colibri Loader Activity M3
Behavioral signatures:
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings: reads the country code configured in the registry, likely a geofence check
Adds Run key to start application
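The behavioral signatures above are each a pattern over the sample's API activity: a registry read of the configured country, a file the process wrote and then launched, and a value written under the Run key. The Python below is an added example, not the sandbox's signature engine: it correlates a constructed Win32 API trace against those three patterns. The trace format, the file paths, and the assumption that the location check reads `HKCU\Control Panel\International\Geo\Nation` are all assumptions made for the example.

```python
"""Map a constructed Win32 API trace onto the behavioural signatures in this
report. Added example; trace lines are made up, not sandbox output."""
import re

# Assumed registry locations (lower-cased for matching).
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
GEO_NATION = "\\control panel\\international\\geo\\nation"

# Constructed trace: "<API> <argument>[ -> <data>]", one call per entry.
TRACE = [
    r"RegOpenKeyExW HKEY_CURRENT_USER\Control Panel\International\Geo",
    r"RegQueryValueExW HKEY_CURRENT_USER\Control Panel\International\Geo\Nation",
    r"CreateFileW C:\Users\user\AppData\Local\Temp\svchost_update.exe",
    r"WriteFile C:\Users\user\AppData\Local\Temp\svchost_update.exe",
    r"CreateProcessW C:\Users\user\AppData\Local\Temp\svchost_update.exe",
    r"RegSetValueExW HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Update"
    r" -> C:\Users\user\AppData\Local\Temp\svchost_update.exe",
]

LINE = re.compile(r"^(\w+) (.*?)(?: -> (.*))?$")


def parse(entry: str):
    """Split one trace entry into (api, argument, data-or-None)."""
    match = LINE.match(entry)
    if match is None:
        raise ValueError(f"unparseable trace entry: {entry!r}")
    return match.groups()


def classify(trace) -> dict:
    """Return {signature name: [matching trace entries]} for the three signatures."""
    hits = {}
    written = set()  # paths this process created or wrote, for drop-then-run correlation
    for entry in trace:
        api, arg, _data = parse(entry)
        low = arg.lower()
        if api.startswith("RegQueryValueEx") and low.endswith(GEO_NATION):
            hits.setdefault("Checks computer location settings", []).append(entry)
        elif api in ("CreateFileW", "WriteFile"):
            written.add(low)
        elif api.startswith("CreateProcess") and low in written:
            # Only a file the process itself wrote counts as a "dropped EXE".
            hits.setdefault("Executes dropped EXE", []).append(entry)
        elif api.startswith("RegSetValueEx") and RUN_KEY in low:
            hits.setdefault("Adds Run key to start application", []).append(entry)
    return hits


if __name__ == "__main__":
    for signature, evidence in classify(TRACE).items():
        print(signature)
        for line in evidence:
            print("   ", line)
```

The drop-then-run correlation is what separates "Executes dropped EXE" from any ordinary process creation: a CreateProcess on a path the process never wrote (for example cmd.exe) is not flagged.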