MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adbee90a8f97d2afdc7829c01bc78af630b7f567270bcc5a5ff56e0469033b9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ColibriLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: adbee90a8f97d2afdc7829c01bc78af630b7f567270bcc5a5ff56e0469033b9f
SHA3-384 hash: 83349e0c39fb593808ee53fbd761379f2c211a308f2c57de30cb5ffbca82c5a75bf14fa7903ad260942dc7b8cb4d55f4
SHA1 hash: 0c77a9b9c592ee4d9e2757e5774d6621a77b0c0d
MD5 hash: cb940cf74606d64260e36e8ef1e4f585
humanhash: muppet-victor-pip-autumn
File name:cb940cf74606d64260e36e8ef1e4f585
Download: download sample
Signature ColibriLoader
Create hunting rule
File size:616'448 bytes
First seen:2022-09-03 11:03:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6bac1a41c35cf62a504dbecf0412626a (13 x ColibriLoader)
ssdeep 12288:FThQ8oNPBa/AqpCeBXTy1t2r4BRnExdaqA:I8oNQXpCCB
TLSH T1E1D493D5FFAA5091BD87F1BC44F10187ECBB5DDE6F9C24A84C7AB08DA1D706A90520AC
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:32 ColibriLoader exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
466
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cb940cf74606d64260e36e8ef1e4f585
Verdict:
No threats detected
Analysis date:
2022-09-03 11:04:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cb9b0336-b23f-4c5d-8abd-bbd610b7f244

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/307586/
Detection(s):
SecuriteInfo.com.Variant.Jaik.93549.15642.30991.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/36495/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6313351c79105e0996e4af17/reports/eafbdb53-4722-4458-82d5-4163e12caff2/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Colibri Loader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/90b9099e-618a-482e-87e4-0c96dd26653d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1064500
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/adbee90a8f97d2afdc7829c01bc78af630b7f567270bcc5a5ff56e0469033b9f/
Threat name:
Win32.Trojan.Jaik
Create hunting rule
Status:
Malicious
First seen:
2022-09-03 07:34:19 UTC
File Type:
PE (Exe)
AV detection:
18 of 25 (72.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vw7oscups7jk7xdyfhabxr4k6yylp5lhe4f4yws76vxai2idhopq._file
Result
Malware family:
colibri
Create hunting rule
Score:
  10/10
Tags:
family:colibri botnet:build1 loader miner persistence
Link:
https://tria.ge/reports/220903-m59d3sdhan/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Downloads MZ/PE file
Executes dropped EXE
Detectes Phoenix Miner Payload
Colibri Loader
Malware Config
C2 Extraction:
http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Unpacked files
SH256 hash:
adbee90a8f97d2afdc7829c01bc78af630b7f567270bcc5a5ff56e0469033b9f
MD5 hash:
cb940cf74606d64260e36e8ef1e4f585
SHA1 hash:
0c77a9b9c592ee4d9e2757e5774d6621a77b0c0d
Link:
https://www.unpac.me/results/de888334-8c31-4a7b-b5e4-845003969e76/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/adbee90a8f97d2afdc7829c01bc78af630b7f567270bcc5a5ff56e0469033b9f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ColibriLoader

Executable exe adbee90a8f97d2afdc7829c01bc78af630b7f567270bcc5a5ff56e0469033b9f

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2286343/
Cape
Cape
https://www.capesandbox.com/analysis/307586/

Comments


Avatar
zbet commented on 2022-09-03 11:03:31 UTC

url : hxxp://smartectechnologies.com/12/TrdngAnlzr10422.exe