koiloader | 22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c | Triage

Submit
Reports

Overview

overview

Static

static

1

22ce45aa4e...5c.lnk

windows7-x64

3

22ce45aa4e...5c.lnk

windows10-2004-x64

Sharing

General

Target

22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c.lnk
Size

2KB
Sample

240606-rkpldsfb9z
MD5

6bef4f06938cf2569a3ad26a9827269a
SHA1

e9a2dbcf2bf6bead0f46c60b7b8b5ffcf0dcfc50
SHA256

22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c
SHA512

989181fdb9e591f113d54e18c31f093f681b9b30b3651d06c81fd202a51735079b8fe90f5bc708428ec973eefcf83ea7b3e982786d7c19a19d1512965c739b9c

Score

10^/10

koiloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c.lnk

Resource

win7-20240221-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c.lnk

Resource

win10v2004-20240508-en

koiloader execution loader

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

koiloader

C2

http://81.19.141.115/marasmus.php

Attributes

payload_url
https://www.dsestimation.com/wp-content/uploads/2015/10

Targets

- Target
  
  22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c.lnk
- Size
  
  2KB
- MD5
  
  6bef4f06938cf2569a3ad26a9827269a
- SHA1
  
  e9a2dbcf2bf6bead0f46c60b7b8b5ffcf0dcfc50
- SHA256
  
  22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c
- SHA512
  
  989181fdb9e591f113d54e18c31f093f681b9b30b3651d06c81fd202a51735079b8fe90f5bc708428ec973eefcf83ea7b3e982786d7c19a19d1512965c739b9c
Score

10^/10

execution koiloader loader
- KoiLoader
  KoiLoader is a malware loader written in C++.
  loader koiloader
- Detects KoiLoader payload
  loader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

JavaScript

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

koiloaderexecutionloader

© 2018-2024

Terms | Privacy