General

- Target: wells_fargo_statement.lnk
- Size: 2KB
- Sample: 240524-wplgraee79
- MD5: 17b5bc02890b72e8c438da653880f57e
- SHA1: 133b89d4737e8821a3e8a6254936b19561b1cbe1
- SHA256: 6be65b07c98affa804a965187dafb49078cec03bc6f8a772e330d1a0fb05c101
- SHA512: 19053344692d6275345040c27d5a3abfaf8284902c7ae2d2ddee37d7bb883cebe27bf66fb85f93e416be65afcbd9ae2b9bde66966c1036402a0315508bf2164a
Static task: static1

Malware Config

Extracted
- koiloader
- http://79.124.78.45/hockamore.php
- payload_url: https://rdccob.com.br/wp-content/uploads/2021
Targets

- Target: wells_fargo_statement.lnk
- Detects KoiLoader payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.