colibri | b7b8c0b7813c0d1967428993cd7e9ed93b6c48b753d3f9122d1ee1623fa9216a | Triage

Sharing

General

Target

b7b8c0b7813c0d1967428993cd7e9ed93b6c48b753d3f9122d1ee1623fa9216a
Size

28KB
Sample

240419-w5velacb32
MD5

1465f8fb25da94ee4ed00986b8b22a7e
SHA1

5013448082559f6ed8fe75854de2f623aa22009d
SHA256

b7b8c0b7813c0d1967428993cd7e9ed93b6c48b753d3f9122d1ee1623fa9216a
SHA512

39ceceb4957659ad419b98c3ffcdea28a8966f491aea629fa916033b17bfd2f40c86260e64233c07cc6c09100bed4d15c6b32424053745aa99f88d61e4678182
SSDEEP

384:qm9Xr23m443DsdqOyuHLJ8U7myOHR+m09T5eS/1Ga8TnKlWzzEzhlcz/WXofT9pb:ZXC2443gByAJTjOIes1qKYzIolCdPcf

Score

10^/10

colibri build1 loader

Malware Config

Extracted

Family

colibri

Version

1.2.0

Botnet

Build1

C2

http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php

http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php

rc4.plain

Targets

- Target
  
  2b00d8c2bcc6b48e90524cdd41a07735dc94548ed41925baff86e43a61a4c37f
- Size
  
  75KB
- MD5
  
  e0a68b98992c1699876f818a22b5b907
- SHA1
  
  d41e8ad8ba51217eb0340f8f69629ccb474484d0
- SHA256
  
  2b00d8c2bcc6b48e90524cdd41a07735dc94548ed41925baff86e43a61a4c37f
- SHA512
  
  856854f5fd89ae1669e4b2db10b73b4a78496bf80117003244c83e781f75e533e2e2bea9aa6c1b3aba3db1ed92ea0ed9755fbfd78cd6c86ba95867d07fc0ece2
- SSDEEP
  
  768:mdU/rTZZAG7lad6fEW1PRLqHxVR/LfXGCCMzgAprfLJh0AiyqjXJwr:mdU/rT9oTWbw/LvfHh0AliXJwr
Score

10^/10

colibri build1 loader
- Colibri Loader
  A loader sold as MaaS first seen in August 2021.
  loader colibri
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

colibribuild1loader