General
-
Target
Chasebank_statement_feb.lnk
-
Size
3KB
-
Sample
240510-xstszace8v
-
MD5
7c362c0f48b3ccfd8e6b19c8c0027b5f
-
SHA1
05c23b1099393f18084ba766f79f7a04e92143af
-
SHA256
164434e81da57b4e1f82572eb06c93ecb1ec9efd427892a4425e31ab37a8cbc3
-
SHA512
7a5bc5ec05bff3121358a75030bfa9dd213d8145d51529f090d634fac1fbbf60e7384712e7aac4be68e85dcef5b6f13bcf2268d87fc9e57a9e687b7e5fb11c09
Static task
static1
Malware Config
Extracted
koiloader
http://45.129.199.204/config.php
-
payload_url
https://www.fuchs.com.sd/media/media/js
Targets
-
-
Target
Chasebank_statement_feb.lnk
-
Size
3KB
-
MD5
7c362c0f48b3ccfd8e6b19c8c0027b5f
-
SHA1
05c23b1099393f18084ba766f79f7a04e92143af
-
SHA256
164434e81da57b4e1f82572eb06c93ecb1ec9efd427892a4425e31ab37a8cbc3
-
SHA512
7a5bc5ec05bff3121358a75030bfa9dd213d8145d51529f090d634fac1fbbf60e7384712e7aac4be68e85dcef5b6f13bcf2268d87fc9e57a9e687b7e5fb11c09
-
Detects KoiLoader payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-