General
Target: chase_14_06_24_statement.zip
Size: 1KB
Sample: 240618-qph4qszbmr
MD5: 83b5afabcd4af57020165c07061d5220
SHA1: abd67ee943714aab052e8b926b1e8efdd76d2ec9
SHA256: ec5eef03fe07efe2ca6ed4aa1a68f52cdae2043bdf7b5433dd946bacfb581e97
SHA512: aac455daf2ce42b8388be8b0a959e0bf780a72c4f22b3dbbab0932e006339fafe18463309b57da2fde87f3306a2a48f485c88bbd7cfe0fc7d59de871aa55228c
Static task: static1
Behavioral task: behavioral1
Sample: chase_14_06_24_statement.lnk
Resource: win7-20240611-en
Malware Config
Extracted
koiloader
http://176.10.111.71/guapen.php
payload_url: https://schermarieti.it/wp-content/uploads/2019/09
Targets
Target: chase_14_06_24_statement.lnk
Size: 2KB
MD5: 6e46db2bb323d9c90717bc4acede81e1
SHA1: 506fb29a25eb35a590eec152c260d783719a85f1
SHA256: 95ebb135bedca3d8bc005af49079cc5399ac795aec0df21d0477ccd716d14882
SHA512: eb0e6a6b5b5a15a88c9fe3e8cebbf58617addc8604eb5e2923e78a24407df860f08ecae892b60f2ea8a340211b2474f8d1eb5f28d378cba046693222eaf73083
Detects KoiLoader payload
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.