Overview

overview

10

Static

static

mal.exe

windows7-x64

mal.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mal.exe

  • Size

    489KB

  • Sample

    221216-q3nldaeg76

  • MD5

    586a9c5e9e255f1153e3b8af5cc8daa7

  • SHA1

    459cf021625581474a464271d98cd065c1bd4f17

  • SHA256

    41b8e7e2d6b226268c3e95dc9ec3f897b60d3bc89daeb743eb585568ff034454

  • SHA512

    ab0facd667688022d251dca8c1bfb43ddfad7b53609335dec6065e690a57ba4014d2198c56ce3f23b1c24b56c18ed1b58a1d02395bab5f97883e48f7913758c6

  • SSDEEP

    3072:6VkgE+24QtMsYDJ0tqI6tQfX3C0slMpSHHYHbcuqXJIjG9kJjN2yDXuWdCPBnT9B:6VkA2x6tiXUMpGuwIq6tEyDeWWnJF

Score
10/10
colibrimarsstealerbuild1defaultloaderstealer

Malware Config

Extracted

Family

colibri

Version

1.2.0

Botnet

Build1

C2

http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php

http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
rc4.plain

Extracted

Family

marsstealer

Botnet

Default

Targets

    • Target

      mal.exe

    • Size

      489KB

    • MD5

      586a9c5e9e255f1153e3b8af5cc8daa7

    • SHA1

      459cf021625581474a464271d98cd065c1bd4f17

    • SHA256

      41b8e7e2d6b226268c3e95dc9ec3f897b60d3bc89daeb743eb585568ff034454

    • SHA512

      ab0facd667688022d251dca8c1bfb43ddfad7b53609335dec6065e690a57ba4014d2198c56ce3f23b1c24b56c18ed1b58a1d02395bab5f97883e48f7913758c6

    • SSDEEP

      3072:6VkgE+24QtMsYDJ0tqI6tQfX3C0slMpSHHYHbcuqXJIjG9kJjN2yDXuWdCPBnT9B:6VkA2x6tiXUMpGuwIq6tEyDeWWnJF

    Score
    10/10
    colibrimarsstealerbuild1defaultloaderstealer

    • Colibri Loader

      A loader sold as MaaS first seen in August 2021.

      loadercolibri

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

      stealermarsstealer

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks