General
-
Target
file
-
Size
447KB
-
Sample
230615-scwv6saa97
-
MD5
c6370fd9fec5500a8eb3a0c6a7cb9999
-
SHA1
ce87cba0d983f1d85e3a65a0351b4b5d15da31b4
-
SHA256
6c4c03231ed003e73fd65691c5950ae75f352e8467a486ea3ae34307ba35c297
-
SHA512
0c73a811203a65e5bdb3c0ff68beb4189d0410b6976331aaf97804d802eec7f31470c0b5d78443546d6ee69e856f9abc671875b3fca83d394e288370e586a774
-
SSDEEP
6144:bHpSbEF2KIXm7atCYbzMrBsE10PF86tv77exdj0W8+E8INlWZWneknqi7oH:b4bEKWO4YMNmjvaj0MELNlkknqiU
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
colibri
1.4.1
bot
http://oraycdn.com/gate.php
Targets
-
-
Target
file
-
Size
447KB
-
MD5
c6370fd9fec5500a8eb3a0c6a7cb9999
-
SHA1
ce87cba0d983f1d85e3a65a0351b4b5d15da31b4
-
SHA256
6c4c03231ed003e73fd65691c5950ae75f352e8467a486ea3ae34307ba35c297
-
SHA512
0c73a811203a65e5bdb3c0ff68beb4189d0410b6976331aaf97804d802eec7f31470c0b5d78443546d6ee69e856f9abc671875b3fca83d394e288370e586a774
-
SSDEEP
6144:bHpSbEF2KIXm7atCYbzMrBsE10PF86tv77exdj0W8+E8INlWZWneknqi7oH:b4bEKWO4YMNmjvaj0MELNlkknqiU
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-