General

  • Target: b7b8c0b7813c0d1967428993cd7e9ed93b6c48b753d3f9122d1ee1623fa9216a
  • Size: 28KB
  • Sample: 240419-w5velacb32
  • MD5: 1465f8fb25da94ee4ed00986b8b22a7e
  • SHA1: 5013448082559f6ed8fe75854de2f623aa22009d
  • SHA256: b7b8c0b7813c0d1967428993cd7e9ed93b6c48b753d3f9122d1ee1623fa9216a
  • SHA512: 39ceceb4957659ad419b98c3ffcdea28a8966f491aea629fa916033b17bfd2f40c86260e64233c07cc6c09100bed4d15c6b32424053745aa99f88d61e4678182
  • SSDEEP: 384:qm9Xr23m443DsdqOyuHLJ8U7myOHR+m09T5eS/1Ga8TnKlWzzEzhlcz/WXofT9pb:ZXC2443gByAJTjOIes1qKYzIolCdPcf

Score: 10/10

Malware Config

Extracted

  • Family: colibri
  • Version: 1.2.0
  • Botnet: Build1
  • C2:
    http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
    http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
  • rc4.plain

Targets

    • Target: 2b00d8c2bcc6b48e90524cdd41a07735dc94548ed41925baff86e43a61a4c37f
    • Size: 75KB
    • MD5: e0a68b98992c1699876f818a22b5b907
    • SHA1: d41e8ad8ba51217eb0340f8f69629ccb474484d0
    • SHA256: 2b00d8c2bcc6b48e90524cdd41a07735dc94548ed41925baff86e43a61a4c37f
    • SHA512: 856854f5fd89ae1669e4b2db10b73b4a78496bf80117003244c83e781f75e533e2e2bea9aa6c1b3aba3db1ed92ea0ed9755fbfd78cd6c86ba95867d07fc0ece2
    • SSDEEP: 768:mdU/rTZZAG7lad6fEW1PRLqHxVR/LfXGCCMzgAprfLJh0AiyqjXJwr:mdU/rT9oTWbw/LvfHh0AliXJwr

    Score: 10/10

    • Colibri Loader

      A loader sold as MaaS first seen in August 2021.

    • Suspicious use of SetThreadContext
