General
-
Target
c43c324bb6f807ace828d494d29a2584d95d594ae021a9212a51041d421b2914
-
Size
305KB
-
Sample
220901-rgh97sgge3
-
MD5
15c439fb774172746f18e03191291bbb
-
SHA1
3b5c200539e9d9bc5f00aba67b64c8cc507bc4ca
-
SHA256
c43c324bb6f807ace828d494d29a2584d95d594ae021a9212a51041d421b2914
-
SHA512
4f156490a1d034befc91651cd92c400e92d31fcaad6801f52623ccba4724c97d297839de7c0e4395b47dd1144f14f5ce73a43aeea898a0235ac7150c05ace6b0
-
SSDEEP
6144:Lt2RozEAzKbVIXQic43np3fXN7ziScvcc7LMZeNTbvCenD37:B2RozxCIXQepfNtcLLUOTrzD37
Malware Config
Extracted
colibri
1.2.0
Build1
http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
-
-
Target
c43c324bb6f807ace828d494d29a2584d95d594ae021a9212a51041d421b2914
-
Size
305KB
-
MD5
15c439fb774172746f18e03191291bbb
-
SHA1
3b5c200539e9d9bc5f00aba67b64c8cc507bc4ca
-
SHA256
c43c324bb6f807ace828d494d29a2584d95d594ae021a9212a51041d421b2914
-
SHA512
4f156490a1d034befc91651cd92c400e92d31fcaad6801f52623ccba4724c97d297839de7c0e4395b47dd1144f14f5ce73a43aeea898a0235ac7150c05ace6b0
-
SSDEEP
6144:Lt2RozEAzKbVIXQic43np3fXN7ziScvcc7LMZeNTbvCenD37:B2RozxCIXQepfNtcLLUOTrzD37
Score10/10-
Colibri Loader
A loader sold as MaaS first seen in August 2021.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-