General
Target: f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37.unknown
Size: 1KB
Sample: 240612-c1yfxaygpq
MD5: b8b73de27d87836914a258507b8066cc
SHA1: bb10873bfb35fb2d7ffb2942bba35d65068f6f70
SHA256: f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37
SHA512: 085fdbe93fb90614701bd5361933e47e3a2992e9d2fe6379b5e1c60e51628ee05b988ca8fac171d0b11f1485efb21b995f0262097e18708a6b062256d6a66c0b
Static task: static1
Behavioral task: behavioral1
Sample: f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37.js
Resource: win7-20240611-en
Malware Config
Extracted: koiloader
http://89.251.22.227/guacos.php
payload_url: https://lechiavetteusb.it/imgs/usb/logo
Targets
Target: f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37.unknown
Detects KoiLoader payload
Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Blocklisted process makes network request
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.