koiloader | ec5eef03fe07efe2ca6ed4aa1a68f52cdae2043bdf7b5433dd946bacfb581e97 | Triage

Sharing

General

Target

chase_14_06_24_statement.zip
Size

1KB
Sample

240618-qph4qszbmr
MD5

83b5afabcd4af57020165c07061d5220
SHA1

abd67ee943714aab052e8b926b1e8efdd76d2ec9
SHA256

ec5eef03fe07efe2ca6ed4aa1a68f52cdae2043bdf7b5433dd946bacfb581e97
SHA512

aac455daf2ce42b8388be8b0a959e0bf780a72c4f22b3dbbab0932e006339fafe18463309b57da2fde87f3306a2a48f485c88bbd7cfe0fc7d59de871aa55228c

Score

10^/10

koiloader execution loader

Malware Config

Extracted

Family

koiloader

C2

http://176.10.111.71/guapen.php

Attributes

payload_url
https://schermarieti.it/wp-content/uploads/2019/09

Targets

- Target
  
  chase_14_06_24_statement.lnk
- Size
  
  2KB
- MD5
  
  6e46db2bb323d9c90717bc4acede81e1
- SHA1
  
  506fb29a25eb35a590eec152c260d783719a85f1
- SHA256
  
  95ebb135bedca3d8bc005af49079cc5399ac795aec0df21d0477ccd716d14882
- SHA512
  
  eb0e6a6b5b5a15a88c9fe3e8cebbf58617addc8604eb5e2923e78a24407df860f08ecae892b60f2ea8a340211b2474f8d1eb5f28d378cba046693222eaf73083
Score

10^/10

execution koiloader loader
- KoiLoader
  KoiLoader is a malware loader written in C++.
  loader koiloader
- Detects KoiLoader payload
  loader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

koiloaderexecutionloader