colibri | dd6b0783dfd0ce4ff0d8a3f9fec6be4238ea99eef46d6000dbe04cb3c1d83ff8 | Triage

Resubmissions

29/11/2022, 17:41

221129-v9vqgsbb47 10

08/09/2022, 23:04

220908-22fpxsdbdn 10

Sharing

General

Target

dd6b0783dfd0ce4ff0d8a3f9fec6be4238ea99eef46d6000dbe04cb3c1d83ff8
Size

8.2MB
Sample

221129-v9vqgsbb47
MD5

c50570558f1fa95225c72ac974eb631a
SHA1

caf2081be16dd9738ae06e85b8464bbeaac1fef0
SHA256

dd6b0783dfd0ce4ff0d8a3f9fec6be4238ea99eef46d6000dbe04cb3c1d83ff8
SHA512

e159c2f1c99a87c3aa47152edcd19145fec8b6fd06b3f65410487d0d7ba0b00b8e0fc1f2d4fdb26c9d425e1c2a216f7eb206f2d2086d100aa635b6102b894545
SSDEEP

196608:MS1SCw5ygwmaNPYL0q9aIeJhYDD8QWKaQ/s6HVf32gGgvHT4xt40aOgv:11SCw5umaetaIwYDIXQzf32sHTqt4j

Score

10^/10

colibri bot loader

Malware Config

Extracted

Family

colibri

Version

1.2.0

Botnet

bot

C2

http://oraycdn.com/gate.php

rc4.plain

Targets

- Target
  
  dd6b0783dfd0ce4ff0d8a3f9fec6be4238ea99eef46d6000dbe04cb3c1d83ff8
- Size
  
  8.2MB
- MD5
  
  c50570558f1fa95225c72ac974eb631a
- SHA1
  
  caf2081be16dd9738ae06e85b8464bbeaac1fef0
- SHA256
  
  dd6b0783dfd0ce4ff0d8a3f9fec6be4238ea99eef46d6000dbe04cb3c1d83ff8
- SHA512
  
  e159c2f1c99a87c3aa47152edcd19145fec8b6fd06b3f65410487d0d7ba0b00b8e0fc1f2d4fdb26c9d425e1c2a216f7eb206f2d2086d100aa635b6102b894545
- SSDEEP
  
  196608:MS1SCw5ygwmaNPYL0q9aIeJhYDD8QWKaQ/s6HVf32gGgvHT4xt40aOgv:11SCw5umaetaIwYDIXQzf32sHTqt4j
Score

10^/10

colibri bot loader
- Colibri Loader
  A loader sold as MaaS first seen in August 2021.
  loader colibri
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

colibribotloader

behavioral2