General
-
Target
a5bbcfa88a2e99448d75af25c2aac091.exe
-
Size
602KB
-
Sample
220903-p8mqlahgg4
-
MD5
a5bbcfa88a2e99448d75af25c2aac091
-
SHA1
3f5a11daf693568bbff848cfc8ebf9be60cd3138
-
SHA256
99f38cc25d3cbea909717f9412ecd960de03c382e205c687ff9b6d27a2938c7a
-
SHA512
71e41b7b09a4b0d358fb4d94d0e0d99b0becaadbff70eba1d03e0ba9c4780616e755e8893a9bd90d519297d0443788cb52a3f5f2725a68e160e9b0dafbaed4df
-
SSDEEP
6144:ypMbah3V7h34ww3D5UIiJf0lo+u8rjXIn4XxTlIOQF:yrhEiIkBD8rTInuxTeOA
Malware Config
Extracted
colibri
1.2.0
Build1
http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
-
-
Target
a5bbcfa88a2e99448d75af25c2aac091.exe
-
Size
602KB
-
MD5
a5bbcfa88a2e99448d75af25c2aac091
-
SHA1
3f5a11daf693568bbff848cfc8ebf9be60cd3138
-
SHA256
99f38cc25d3cbea909717f9412ecd960de03c382e205c687ff9b6d27a2938c7a
-
SHA512
71e41b7b09a4b0d358fb4d94d0e0d99b0becaadbff70eba1d03e0ba9c4780616e755e8893a9bd90d519297d0443788cb52a3f5f2725a68e160e9b0dafbaed4df
-
SSDEEP
6144:ypMbah3V7h34ww3D5UIiJf0lo+u8rjXIn4XxTlIOQF:yrhEiIkBD8rTInuxTeOA
Score10/10-
Colibri Loader
A loader sold as MaaS first seen in August 2021.
-
Detectes Phoenix Miner Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-