General
- Target: chase_apr_2025.zip
- Size: 878B
- Sample: 250501-zd5b9sfp5s
- MD5: a2ff988165e14b0b9f57918c810cbcb2
- SHA1: c7f80cf66c9ecca0278d41f6724face262225e9e
- SHA256: c6a75ac0fee7c4be487eff214bba103b0b8f109c64c6ad818b1f1140f00ba9af
- SHA512: 6e8f0a6482301912cc40d08a975d747fbcbb46d3fe75fd2979bec41194b4632d6d190ee88acc3ef875d7a843ae1ff64b408c10220b1e206139c42b33f1b4e6c9
Static task: static1
Behavioral task: behavioral1
Sample: chase_apr_2025.lnk
Resource: win10v2004-20250314-en
Malware Config
Extracted: https://maconsmallbusinesses.com/wp-content/uploads/2018/08/urobenzoicHQ7v.php
Extracted: https://maconsmallbusinesses.com/wp-content/uploads/2018/08
Extracted: koiloader
- http://82.118.16.176/punctulum.php
- payload_url: https://maconsmallbusinesses.com/wp-content/uploads/2018/08
Targets
- Target: chase_apr_2025.lnk
- Size: 1KB
- MD5: 8801711cde4f2ceb0d7fbce61920a543
- SHA1: 8042a5de003d7adcfde86a25e3c085edfa9d48dc
- SHA256: 2a1844690be2dcbaa2b3975e529ff5e8a18a5620e4ee7429f2040f8fc4a6c76e
- SHA512: 9c3743814519353200248c370dd3e60c61db9869aa40b22d662cbf55ab066300eee0a9ca422d784bdb9fa1522f55e4eb9c959f4b4c46098c2b5355e8fb028b56
- Koiloader family
- Koistealer family
- Detects KoiLoader payload
- Detects KoiStealer payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Indicator Removal: Clear Persistence
  Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.