Extracted

• • Target

    Chasebank_Statement_May.lnk

  • Size

    2KB

  • MD5

    6bf403f2f1c9d8382fff6ed5a3041899

  • SHA1

    922df103fec71861594dc918678ad6af27b14851

  • SHA256

    7c8568685a386cfba733f330d0607fc54246801a6ccfc8b67c61acd11a0f695e

  • SHA512

    d235396894b5c82b1a5d282959f65a00bc2dc021fbabf71746994239b14559db09c4ad3be80a9c70829df0bf197407e64a44b88989fd2d420cb98d03119463e8

  Score

  10^/10

  executionkoiloaderloader

  • KoiLoader

    KoiLoader is a malware loader written in C++.

    loaderkoiloader

  • Detects KoiLoader payload

    loader

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2