colibri | 41b8e7e2d6b226268c3e95dc9ec3f897b60d3bc89daeb743eb585568ff034454 | Triage

Sharing

General

Target

mal.exe
Size

489KB
Sample

221216-q3nldaeg76
MD5

586a9c5e9e255f1153e3b8af5cc8daa7
SHA1

459cf021625581474a464271d98cd065c1bd4f17
SHA256

41b8e7e2d6b226268c3e95dc9ec3f897b60d3bc89daeb743eb585568ff034454
SHA512

ab0facd667688022d251dca8c1bfb43ddfad7b53609335dec6065e690a57ba4014d2198c56ce3f23b1c24b56c18ed1b58a1d02395bab5f97883e48f7913758c6
SSDEEP

3072:6VkgE+24QtMsYDJ0tqI6tQfX3C0slMpSHHYHbcuqXJIjG9kJjN2yDXuWdCPBnT9B:6VkA2x6tiXUMpGuwIq6tEyDeWWnJF

Score

10^/10

colibri marsstealer build1 default loader stealer

Malware Config

Extracted

Family

colibri

Version

1.2.0

Botnet

Build1

C2

http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php

http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php

rc4.plain

Extracted

Family

marsstealer

Botnet

Default

Targets

- Target
  
  mal.exe
- Size
  
  489KB
- MD5
  
  586a9c5e9e255f1153e3b8af5cc8daa7
- SHA1
  
  459cf021625581474a464271d98cd065c1bd4f17
- SHA256
  
  41b8e7e2d6b226268c3e95dc9ec3f897b60d3bc89daeb743eb585568ff034454
- SHA512
  
  ab0facd667688022d251dca8c1bfb43ddfad7b53609335dec6065e690a57ba4014d2198c56ce3f23b1c24b56c18ed1b58a1d02395bab5f97883e48f7913758c6
- SSDEEP
  
  3072:6VkgE+24QtMsYDJ0tqI6tQfX3C0slMpSHHYHbcuqXJIjG9kJjN2yDXuWdCPBnT9B:6VkA2x6tiXUMpGuwIq6tEyDeWWnJF
Score

10^/10

colibri marsstealer build1 default loader stealer
- Colibri Loader
  A loader sold as MaaS first seen in August 2021.
  loader colibri
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

colibrimarsstealerbuild1defaultloaderstealer