General
Target: 22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c.lnk
Size: 2KB
Sample: 240606-rkpldsfb9z
MD5: 6bef4f06938cf2569a3ad26a9827269a
SHA1: e9a2dbcf2bf6bead0f46c60b7b8b5ffcf0dcfc50
SHA256: 22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c
SHA512: 989181fdb9e591f113d54e18c31f093f681b9b30b3651d06c81fd202a51735079b8fe90f5bc708428ec973eefcf83ea7b3e982786d7c19a19d1512965c739b9c
Static task: static1
Behavioral task: behavioral1
Sample: 22ce45aa4ec31f4937872fb15d6ae787168c0f5a8399f514dd69e4eecbdc075c.lnk
Resource: win7-20240221-en
Malware Config
Extracted
koiloader
http://81.19.141.115/marasmus.php
payload_url: https://www.dsestimation.com/wp-content/uploads/2015/10
Targets
Detects KoiLoader payload
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.