Overview

overview

10

Static

static

1

Chasebank_...ay.lnk

windows7-x64

3

Chasebank_...ay.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8cb1720beb77d55edc7b7622efea064b4f1f940cba1fa92c9d682e2dbb33414c.zip

  • Size

    1KB

  • Sample

    240606-qtx4fseg4s

  • MD5

    620ada7fd207abc6e71821cce8ad2520

  • SHA1

    f06a6b1570000361226f50df8cae385dd3c1ebfe

  • SHA256

    8cb1720beb77d55edc7b7622efea064b4f1f940cba1fa92c9d682e2dbb33414c

  • SHA512

    507c9a6dd1e784537076c3f5fd8305c06a38e88f9c72de94cc34464c3ff45c42e5661434a6b0f938d719ef4a2433bfd06683c5b27ef8cdb4410454efd4054f21

Score
10/10
koiloaderexecutionloader

Malware Config

Extracted

Family

koiloader

C2

http://81.19.141.115/marasmus.php

Attributes
  • payload_url

    https://www.dsestimation.com/wp-content/uploads/2015/10

Targets

    • Target

      Chasebank_Statement_May.lnk

    • Size

      2KB

    • MD5

      6bef4f06938cf2569a3ad26a9827269a

    • SHA1

      e9a2dbcf2bf6bead0f46c60b7b8b5ffcf0dcfc50

    • SHA256

      22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c

    • SHA512

      989181fdb9e591f113d54e18c31f093f681b9b30b3651d06c81fd202a51735079b8fe90f5bc708428ec973eefcf83ea7b3e982786d7c19a19d1512965c739b9c

    Score
    10/10
    executionkoiloaderloader

    • KoiLoader

      KoiLoader is a malware loader written in C++.

      loaderkoiloader

    • Detects KoiLoader payload

      loader

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

2
T1059

PowerShell

1
T1059.001

JavaScript

1
T1059.007

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks