General
- Target: 0a46613d4ca1c621c5838c41e9cfe559b112b9e1d3b69e2051066e18ff24acb6
- Size: 467KB
- Sample: 220903-qh9ywafdhq
- MD5: 3532766b7b1a52a96b77a00e94bb4c95
- SHA1: e112face677144ebb230165303461e0367403096
- SHA256: 0a46613d4ca1c621c5838c41e9cfe559b112b9e1d3b69e2051066e18ff24acb6
- SHA512: 49a4067074693c90459547cc373aa0e8f74f7ae0f34200cb8f716ef6f4a1028eb3de8fe5f3e08020c1f75e927593009d193c35e31fd3cdb14b67699fdc28c714
- SSDEEP: 12288:bFnVk+436xowuTfLq4EI+gOBzh4JiM32SIMT:bFnVkZ/wKfOrki

Static task
- static1

Malware Config
Extracted:
- colibri
- 1.2.0
- Build1
- http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
- http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext