General
- Target: 8cb1720beb77d55edc7b7622efea064b4f1f940cba1fa92c9d682e2dbb33414c.zip
- Size: 1KB
- Sample: 240606-qtx4fseg4s
- MD5: 620ada7fd207abc6e71821cce8ad2520
- SHA1: f06a6b1570000361226f50df8cae385dd3c1ebfe
- SHA256: 8cb1720beb77d55edc7b7622efea064b4f1f940cba1fa92c9d682e2dbb33414c
- SHA512: 507c9a6dd1e784537076c3f5fd8305c06a38e88f9c72de94cc34464c3ff45c42e5661434a6b0f938d719ef4a2433bfd06683c5b27ef8cdb4410454efd4054f21
Static task: static1
Behavioral task: behavioral1
Sample: Chasebank_Statement_May.lnk
Resource: win7-20240508-en
Malware Config
Extracted
koiloader
http://81.19.141.115/marasmus.php
- payload_url: https://www.dsestimation.com/wp-content/uploads/2015/10
Targets
- Target: Chasebank_Statement_May.lnk
- Size: 2KB
- MD5: 6bef4f06938cf2569a3ad26a9827269a
- SHA1: e9a2dbcf2bf6bead0f46c60b7b8b5ffcf0dcfc50
- SHA256: 22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c
- SHA512: 989181fdb9e591f113d54e18c31f093f681b9b30b3651d06c81fd202a51735079b8fe90f5bc708428ec973eefcf83ea7b3e982786d7c19a19d1512965c739b9c
- Detects KoiLoader payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
-