General

  • Target: tmpCF8A.tmp.exe
  • Size: 52KB
  • Sample: 220804-qvwl1sfdd4
  • MD5: d8e1495b46cded57eb1423b8bb789834
  • SHA1: db64bc20550e51c602dbb92d07c8f02842efebcc
  • SHA256: aa2d97b5be06be67ec04774ad681da6113ee2b4929c0539929bbac19926682c8
  • SHA512: 8b785d7f8d5fdf12dd9a5414050d403e861fd3f9ac09bceebc57b2f178c6f145389783ed1035b5e6f9b627b3d4d978f3ad9bf8195d92e20f585ef92667e4cabb

Score: 10/10

Malware Config (extracted)

  • Family: colibri
  • Version: 1.2.0
  • Botnet: Build1
  • C2:
    http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
    http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php

Targets

    Score: 10/10

    • Colibri Loader

      A loader sold as MaaS (malware-as-a-service), first seen in August 2021.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks