General
-
Target
9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c.js
-
Size
1KB
-
Sample
240606-re8gbaga84
-
MD5
e2e9bf7a7dcfe1d55a43229add47520b
-
SHA1
f668de5e1e1090b831a6e8d8f08a9107234ab77f
-
SHA256
9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c
-
SHA512
97eee0d2c2c71e53418323511599dc4a94f82633dff83b153a271eaa24b918a6c53544b20f51d3de4b2c5a4f0b442eb1edbb2706c9591463c1982f44e580deec
Static task
static1
Behavioral task
behavioral1
Sample
9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c.js
Resource
win7-20240221-en
Malware Config
Extracted
koiloader
http://81.19.141.115/marasmus.php
-
payload_url
https://www.dsestimation.com/wp-content/uploads/2015/10
Targets
-
-
Target
9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c.js
-
Detects KoiLoader payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-