General
- Target: 64745f1d874d9a0e32a936ac3fbe80a988442d3fbf400946f18c4f4880b3f591
- Size: 488KB
- Sample: 220902-jzbzvaafdk
- MD5: 244e61ee14cec7a93b0fd8725262006a
- SHA1: 9a06bece5a282a4fa811d16cd72e52bd7e5c2668
- SHA256: 64745f1d874d9a0e32a936ac3fbe80a988442d3fbf400946f18c4f4880b3f591
- SHA512: 228b8b069eb3c5beb65f8dcff1d991775be40d35eacaf9c2806ef99838e62885281a50d1d2c655ab6f817480815b0047f0947f55f63451f424ab07ff3056a656
- SSDEEP: 6144:qPCP7NBVlFsy++2AR754hZMOuMrfNMfX8kAMrUt2ar2YMNTaOpMREYkFLgk0/mqY:ZPpBg+irhNMfYiUmYMVaRqglY
Static task
- static1

Malware Config (Extracted)
- Family: colibri
- Version: 1.2.0
- Build: Build1
- C2 URLs:
  http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
  http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
- Target: 64745f1d874d9a0e32a936ac3fbe80a988442d3fbf400946f18c4f4880b3f591 (488KB; same file and hashes as listed under General)
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext