Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    384KB

  • Sample

    230223-sqt9hagc58

  • MD5

    be6ead5fba6e45225d2c869c593c091e

  • SHA1

    51b1f2a3ba54d0f675694831a7c9c509093c3399

  • SHA256

    72ffef4d565a07136b07f1c8c4518f159c0d3afdfae4e7736963f17eb35b0b59

  • SHA512

    32e0cfe77acf48e76c01ce50115a6288f2e5f1bb57532f96fced385aa5025fcd4d8b29ae83a0d06cbfb27aee3b58aa9cbedf86e68196c205e1c2e562ee213147

  • SSDEEP

    6144:XiexrddlUFwKfSO2pKvYc9/5aLiqoKDv:XdTlmsQYcl0Jr

Score
10/10
colibrirhadamanthysgooglecollectionloaderstealer

Malware Config

Extracted

Family

colibri

Version

1.4.0

Botnet

Google

C2

http://wqfegrbjiskfmas.top/gate.php

http://interferenceatmobile.xyz/gate.php
rc4.plain

Targets

    • Target

      tmp

    • Size

      384KB

    • MD5

      be6ead5fba6e45225d2c869c593c091e

    • SHA1

      51b1f2a3ba54d0f675694831a7c9c509093c3399

    • SHA256

      72ffef4d565a07136b07f1c8c4518f159c0d3afdfae4e7736963f17eb35b0b59

    • SHA512

      32e0cfe77acf48e76c01ce50115a6288f2e5f1bb57532f96fced385aa5025fcd4d8b29ae83a0d06cbfb27aee3b58aa9cbedf86e68196c205e1c2e562ee213147

    • SSDEEP

      6144:XiexrddlUFwKfSO2pKvYc9/5aLiqoKDv:XdTlmsQYcl0Jr

    Score
    10/10
    colibrirhadamanthysgooglecollectionloaderstealer

    • Colibri Loader

      A loader sold as MaaS first seen in August 2021.

      loadercolibri

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks