General
- Target: 6bf403f2f1c9d8382fff6ed5a3041899.bin
- Size: 1KB
- Sample: 240530-crg3kabh87
- MD5: 95c8c3f0ad79b89fa182d3ac3d8b2873
- SHA1: b5c37c99332eae2d3efeb76eef53aafc46cbc593
- SHA256: 9f7e7fcbf8256ea72dcd4ec27cce6eb34546a473949092b4b198443591aeeee5
- SHA512: 0644f9554e507f0e703e9979e5d2c8f7987ceb058bef90115f135abbe0db5d6ad99418aa8bed35d6189ebc4b3dc8d8102b43737ca9ae83173414413fff356497
Static task: static1
Behavioral task: behavioral1
Sample: 7c8568685a386cfba733f330d0607fc54246801a6ccfc8b67c61acd11a0f695e.lnk
Resource: win7-20240508-en
Malware Config
Extracted
koiloader
http://62.133.60.249/ground.php
- payload_url: https://livingthemiraculouslife.com/assets/js
Targets
- Target: 7c8568685a386cfba733f330d0607fc54246801a6ccfc8b67c61acd11a0f695e.lnk
- Size: 2KB
- MD5: 6bf403f2f1c9d8382fff6ed5a3041899
- SHA1: 922df103fec71861594dc918678ad6af27b14851
- SHA256: 7c8568685a386cfba733f330d0607fc54246801a6ccfc8b67c61acd11a0f695e
- SHA512: d235396894b5c82b1a5d282959f65a00bc2dc021fbabf71746994239b14559db09c4ad3be80a9c70829df0bf197407e64a44b88989fd2d420cb98d03119463e8
- Detects KoiLoader payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.