colibri | 093e6f5269af9c0bc8ab1c8209e096946bf8738489fa4cdef91f9c812e5db96b[.]zip

General

Target

093e6f5269af9c0bc8ab1c8209e096946bf8738489fa4cdef91f9c812e5db96b.zip
Size

10KB
MD5

6b9858c9e00f4e7dd4b33cd79901c213
SHA1

b3fb91ac97cfdb8a286026113d67de86b95c89e3
SHA256

f092f8fc7c43aa626dda15580c760dffe41e17e03f5fe7fc50696baf36e0ffa0
SHA512

9e4a447987a6aa3234e294fa69de031a8bf25f9e0ab1a9830ac0fe63637382764faf286e08cddd6778fb468ae3e6db89de997dc5915ef29148fe111bc6e8766d
SSDEEP

192:wjAvNdC5WmBesfkAJOavZYDDyCqvc5ZT1b0nWdOvefeXfSa3WTBbCumgJpyPzYWr:YAvW5WYVbJOavCDm5vFbvW0Sa38Cumgm

Score

10^/10

bot colibri

Family

colibri

Version

1.3.0

Botnet

bot

C2

http://176.113.115.240/gate.php

rc4.plain

093e6f5269af9c0bc8ab1c8209e096946bf8738489fa4cdef91f9c812e5db96b.zip
.zip

Password: infected
093e6f5269af9c0bc8ab1c8209e096946bf8738489fa4cdef91f9c812e5db96b
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ