General

  • Target

    59bf761b0f7c96a43d51dffe4c0765fe.exe

  • Size

    602KB

  • Sample

    220903-p8mqlahgg3

  • MD5

    59bf761b0f7c96a43d51dffe4c0765fe

  • SHA1

    9bd65e9b407269559e0ba5c0d5ffd19bbbc9c1e1

  • SHA256

    17bbc249b16ec29783fe2d41179d9e88ddd9b0e7462fdfb6b9f4a71e9c61e786

  • SHA512

    520bde0d19d1b9d9487ed3154c253aa22d4390472a8831aba92e33cb04d2934baa6050c676fa7a1aa1926283413e82e6f33001dd2568645c3910a12502855b72

  • SSDEEP

    6144:hL0/U+/6hm46JQNp1VXUup5UAQBXHxM5ZP+MgU25CnO30U3c:h7+4JXNpfXppCx4P+xUnOEU

Score
10/10

Malware Config

Extracted

  • Family

    colibri

  • Version

    1.2.0

  • Botnet

    Build1

  • C2

    http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php

    http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php

Targets

    • Target

      59bf761b0f7c96a43d51dffe4c0765fe.exe

    • Size

      602KB

    • MD5

      59bf761b0f7c96a43d51dffe4c0765fe

    • SHA1

      9bd65e9b407269559e0ba5c0d5ffd19bbbc9c1e1

    • SHA256

      17bbc249b16ec29783fe2d41179d9e88ddd9b0e7462fdfb6b9f4a71e9c61e786

    • SHA512

      520bde0d19d1b9d9487ed3154c253aa22d4390472a8831aba92e33cb04d2934baa6050c676fa7a1aa1926283413e82e6f33001dd2568645c3910a12502855b72

    • SSDEEP

      6144:hL0/U+/6hm46JQNp1VXUup5UAQBXHxM5ZP+MgU25CnO30U3c:h7+4JXNpfXppCx4P+xUnOEU

    Score
    10/10
    • Colibri Loader

      A loader sold as malware-as-a-service (MaaS), first seen in August 2021.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation