colibri | e8d1a8908e063d4b824cde1d0d0bdf812ace1e50000a4accddb8b306664b4062 | Triage

Sharing

General

Target

2545131b7880bd854f3c9148277af024
Size

292KB
Sample

221003-c7fjnscga5
MD5

2545131b7880bd854f3c9148277af024
SHA1

846cf8458ca76e9cc8092218006c0e5bb1a68e8c
SHA256

e8d1a8908e063d4b824cde1d0d0bdf812ace1e50000a4accddb8b306664b4062
SHA512

c7a31f69621e60c1950f48c92c1633f2bee2f36adc8b5a2627d21dacda15f70d16f50b1a2dd3e575c7453380ca3c828cda8f86dda285e174af9f9944c42aa787
SSDEEP

3072:JOC+EnCeqk1oPh1MZf8EQ1DyWgi/ysf0e:EYN9oJ1MZ0JGW5rf

Score

10^/10

colibri raccoon build1 d6584fcd1734d77c0004e30a172dc0e0 loader stealer

Malware Config

Extracted

Family

raccoon

Botnet

d6584fcd1734d77c0004e30a172dc0e0

C2

http://84.32.188.111/

http://5.252.21.28/

http://87.120.254.71

rc4.plain

Extracted

Family

colibri

Version

1.2.0

Botnet

Build1

C2

http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php

http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php

Targets

- Target
  
  2545131b7880bd854f3c9148277af024
- Size
  
  292KB
- MD5
  
  2545131b7880bd854f3c9148277af024
- SHA1
  
  846cf8458ca76e9cc8092218006c0e5bb1a68e8c
- SHA256
  
  e8d1a8908e063d4b824cde1d0d0bdf812ace1e50000a4accddb8b306664b4062
- SHA512
  
  c7a31f69621e60c1950f48c92c1633f2bee2f36adc8b5a2627d21dacda15f70d16f50b1a2dd3e575c7453380ca3c828cda8f86dda285e174af9f9944c42aa787
- SSDEEP
  
  3072:JOC+EnCeqk1oPh1MZf8EQ1DyWgi/ysf0e:EYN9oJ1MZ0JGW5rf
Score

10^/10

colibri raccoon build1 d6584fcd1734d77c0004e30a172dc0e0 loader stealer
- Colibri Loader
  A loader sold as MaaS first seen in August 2021.
  loader colibri
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

colibriraccoonbuild1d6584fcd1734d77c0004e30a172dc0e0loaderstealer