General
Target: 83970b7564a4bb507d9d764a747bb4e4.exe
Size: 433KB
Sample: 220831-hzc2gacbh7
MD5: 83970b7564a4bb507d9d764a747bb4e4
SHA1: baa8dec2502aa980085a0472a6c122bd4af64ea6
SHA256: 9d33270d80f2ba9d898b0b646dbaade5e1ad2de477e58cfcce74272d60a7473d
SHA512: 251ddb825041332e89c5edb3fab35a2210f0f0ac6b8868872a44c9d731da446b960ba114226b2bafe71dc85a4c20d1122757660f6f1abd0ecd1821e598a6177b
SSDEEP: 6144:5Llcs/PqcPPee+4DEZqVUMzuh3AdfLZUwIHccPyOz2bLNARo4ol8FzInD3:3yo4BAdtUwIHfyOuLNmonOBID3
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 83970b7564a4bb507d9d764a747bb4e4.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 83970b7564a4bb507d9d764a747bb4e4.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: colibri
Version: 1.2.0
Build: Build1
C2: http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
C2: http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
Target: 83970b7564a4bb507d9d764a747bb4e4.exe
Size: 433KB
MD5: 83970b7564a4bb507d9d764a747bb4e4
SHA1: baa8dec2502aa980085a0472a6c122bd4af64ea6
SHA256: 9d33270d80f2ba9d898b0b646dbaade5e1ad2de477e58cfcce74272d60a7473d
SHA512: 251ddb825041332e89c5edb3fab35a2210f0f0ac6b8868872a44c9d731da446b960ba114226b2bafe71dc85a4c20d1122757660f6f1abd0ecd1821e598a6177b
SSDEEP: 6144:5Llcs/PqcPPee+4DEZqVUMzuh3AdfLZUwIHccPyOz2bLNARo4ol8FzInD3:3yo4BAdtUwIHfyOuLNmonOBID3
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext