colibri | 17bbc249b16ec29783fe2d41179d9e88ddd9b0e7462fdfb6b9f4a71e9c61e786 | Triage

Sharing

General

Target

59bf761b0f7c96a43d51dffe4c0765fe.exe
Size

602KB
Sample

220903-p8mqlahgg3
MD5

59bf761b0f7c96a43d51dffe4c0765fe
SHA1

9bd65e9b407269559e0ba5c0d5ffd19bbbc9c1e1
SHA256

17bbc249b16ec29783fe2d41179d9e88ddd9b0e7462fdfb6b9f4a71e9c61e786
SHA512

520bde0d19d1b9d9487ed3154c253aa22d4390472a8831aba92e33cb04d2934baa6050c676fa7a1aa1926283413e82e6f33001dd2568645c3910a12502855b72
SSDEEP

6144:hL0/U+/6hm46JQNp1VXUup5UAQBXHxM5ZP+MgU25CnO30U3c:h7+4JXNpfXppCx4P+xUnOEU

Score

10^/10

colibri build1 loader

Malware Config

Extracted

Family

colibri

Version

1.2.0

Botnet

Build1

C2

http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php

http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php

Targets

- Target
  
  59bf761b0f7c96a43d51dffe4c0765fe.exe
- Size
  
  602KB
- MD5
  
  59bf761b0f7c96a43d51dffe4c0765fe
- SHA1
  
  9bd65e9b407269559e0ba5c0d5ffd19bbbc9c1e1
- SHA256
  
  17bbc249b16ec29783fe2d41179d9e88ddd9b0e7462fdfb6b9f4a71e9c61e786
- SHA512
  
  520bde0d19d1b9d9487ed3154c253aa22d4390472a8831aba92e33cb04d2934baa6050c676fa7a1aa1926283413e82e6f33001dd2568645c3910a12502855b72
- SSDEEP
  
  6144:hL0/U+/6hm46JQNp1VXUup5UAQBXHxM5ZP+MgU25CnO30U3c:h7+4JXNpfXppCx4P+xUnOEU
Score

10^/10

colibri build1 loader
- Colibri Loader
  A loader sold as MaaS first seen in August 2021.
  loader colibri
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

colibribuild1loader