General

  • Target

    7c8568685a386cfba733f330d0607fc54246801a6ccfc8b67c61acd11a0f695e.lnk

  • Size

    2KB

  • Sample

    240529-bzd57sda7t

  • MD5

    6bf403f2f1c9d8382fff6ed5a3041899

  • SHA1

    922df103fec71861594dc918678ad6af27b14851

  • SHA256

    7c8568685a386cfba733f330d0607fc54246801a6ccfc8b67c61acd11a0f695e

  • SHA512

    d235396894b5c82b1a5d282959f65a00bc2dc021fbabf71746994239b14559db09c4ad3be80a9c70829df0bf197407e64a44b88989fd2d420cb98d03119463e8

Malware Config

Extracted

Family

koiloader

C2

http://62.133.60.249/ground.php

Attributes

  • payload_url

    https://livingthemiraculouslife.com/assets/js

Targets

    • Target

      7c8568685a386cfba733f330d0607fc54246801a6ccfc8b67c61acd11a0f695e.lnk

    • KoiLoader

      KoiLoader is a malware loader written in C++.

    • Detects KoiLoader payload

    • Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

MITRE ATT&CK Matrix ATT&CK v13

  • Execution

    Command and Scripting Interpreter (2) T1059
      PowerShell (1) T1059.001
      JavaScript (1) T1059.007
    Scheduled Task/Job (1) T1053

  • Persistence

    Scheduled Task/Job (1) T1053

  • Privilege Escalation

    Scheduled Task/Job (1) T1053

  • Discovery

    Query Registry (2) T1012
    System Information Discovery (2) T1082
Tasks