General

  • Target

    file

  • Size

    447KB

  • Sample

    230615-scwv6saa97

  • MD5

    c6370fd9fec5500a8eb3a0c6a7cb9999

  • SHA1

    ce87cba0d983f1d85e3a65a0351b4b5d15da31b4

  • SHA256

    6c4c03231ed003e73fd65691c5950ae75f352e8467a486ea3ae34307ba35c297

  • SHA512

    0c73a811203a65e5bdb3c0ff68beb4189d0410b6976331aaf97804d802eec7f31470c0b5d78443546d6ee69e856f9abc671875b3fca83d394e288370e586a774

  • SSDEEP

    6144:bHpSbEF2KIXm7atCYbzMrBsE10PF86tv77exdj0W8+E8INlWZWneknqi7oH:b4bEKWO4YMNmjvaj0MELNlkknqiU

Malware Config

Extracted

Family

colibri

Version

1.4.1

Botnet

bot

C2

http://oraycdn.com/gate.php

rc4.plain

Targets

    • Target

      file

    • Size

      447KB

    • MD5

      c6370fd9fec5500a8eb3a0c6a7cb9999

    • SHA1

      ce87cba0d983f1d85e3a65a0351b4b5d15da31b4

    • SHA256

      6c4c03231ed003e73fd65691c5950ae75f352e8467a486ea3ae34307ba35c297

    • SHA512

      0c73a811203a65e5bdb3c0ff68beb4189d0410b6976331aaf97804d802eec7f31470c0b5d78443546d6ee69e856f9abc671875b3fca83d394e288370e586a774

    • SSDEEP

      6144:bHpSbEF2KIXm7atCYbzMrBsE10PF86tv77exdj0W8+E8INlWZWneknqi7oH:b4bEKWO4YMNmjvaj0MELNlkknqiU

    • Colibri Loader

      A loader sold as MaaS first seen in August 2021.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks