General
Target: 9899bfe879105eaddcb0d276d1a625b4.exe
Size: 602KB
Sample: 220903-met7gagac8
MD5: 9899bfe879105eaddcb0d276d1a625b4
SHA1: e4cfc476d04de9b937c5c3257b3ff062db1c26df
SHA256: 306f42006639a96d8bf05479958af938f38d07b685621a692f9f72a304d6db00
SHA512: e7770592f4d3973739d96df038ebb8eec357b6c50b46007b24c9332ea8060724091dc2677becd74407cc0755a63593a0718d64c3a467ecb9bab5f2e635c407fb
SSDEEP: 6144:loQfoVurk8G6jZG6Yf1Tg1Dk5bX8nrxroJmKNd0y:lPfqu/jlG3wDk8No4KNT
Static task: static1
Behavioral task: behavioral1
Sample: 9899bfe879105eaddcb0d276d1a625b4.exe
Resource: win7-20220812-en
Malware Config
Extracted: colibri 1.2.0 Build1
URLs:
http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
Target: 9899bfe879105eaddcb0d276d1a625b4.exe
Size: 602KB
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext