General

Target: bank_statement_04_2025.zip
Size: 809B
Sample: 250510-a2fw5sek3y
MD5: 0e441e5a6db5f30f438ec363a00a68f3
SHA1: d6f39e006f6eb3a3e2e3df6d448950d1f9948c7b
SHA256: 3523653959c0083b7e106a71dd99acc03ccf09cb3452b9b65dcf17005917e389
SHA512: c5c64274c4095b1d0bb3f3059949fd309c1c8b3eb386745e77cd7d5653a9f2ba93c50d7c42098b8c56d10ffb515b4fb1802ce269e6d1e075c80eb642c7d7c604

Static task: static1
Behavioral task: behavioral1
Sample: bank_statement_04_2025.lnk
Resource: win10v2004-20250502-en
Malware Config

Extracted
URL: https://www.wilkinsonbeane.com/css/slider

Extracted
Family: koiloader
URL: http://185.62.56.10/trounced.php
payload_url: https://www.wilkinsonbeane.com/css/slider
Targets

Target: bank_statement_04_2025.lnk
Size: 1KB
MD5: a7727b666db4909929ecb590fae94ec8
SHA1: 8b203aaf632feb9c0ee7babe542e4a53457990ed
SHA256: 9e41baef8d2a8abc30a7e1dd1a946222b204d7d3183139cd793d1920c704e23d
SHA512: 165dfa130c3ee453b761788f0c727390f41d85c7f9d27331e5f68cbc7264f00f56b69e1099e82a95528a518d75c5a1b237e23111c2ee6f035b0a0bb9bb05417a
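As an added static-triage example (not code from the sandbox report or from the KoiLoader operators), the script below opens an archive shaped like the one above, hashes each member, recognises a Windows shortcut by its Shell Link header rather than by its extension, and compares member hashes with the SHA256 the report gives for the shortcut. The archive it inspects is constructed inline: its shortcut member is a bare LNK header padded to 1KB and does not reproduce the real sample, so the reported hash deliberately will not match.

```python
"""Static triage of a ZIP lure: list members, hash them, and flag Windows
shortcut (.lnk) files by their header bytes regardless of file name."""
import hashlib
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x4C followed by LinkCLSID
# {00021401-0000-0000-C000-000000000046} in its on-disk byte layout.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")

# SHA256 of the shortcut from the report above. The constructed member below
# will NOT match it; the comparison shows how a known-hash lookup fits in.
REPORTED_LNK_SHA256 = "9e41baef8d2a8abc30a7e1dd1a946222b204d7d3183139cd793d1920c704e23d"


def is_lnk(data: bytes) -> bool:
    """True if the bytes start with a Shell Link header."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def triage_zip(zip_bytes: bytes, known_sha256=()):
    """Return one finding dict per archive member: name, size, sha256,
    whether the content is an LNK, whether the extension disagrees with
    the content, and whether the hash is in the supplied known-bad set."""
    known = set(known_sha256)
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            digest = hashlib.sha256(data).hexdigest()
            lnk = is_lnk(data)
            findings.append({
                "name": info.filename,
                "size": info.file_size,
                "sha256": digest,
                "is_lnk": lnk,
                "ext_mismatch": lnk != info.filename.lower().endswith(".lnk"),
                "known_bad": digest in known,
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed stand-in for the archive (not the real sample): a minimal
    LNK header padded to 1KB, plus an LNK hidden behind a .txt name."""
    fake_lnk = LNK_MAGIC + b"\x00" * (1024 - len(LNK_MAGIC))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("bank_statement_04_2025.lnk", fake_lnk)
        zf.writestr("readme.txt", LNK_MAGIC + b"\x00" * 64)  # LNK disguised as text
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip(), known_sha256=[REPORTED_LNK_SHA256]):
        print(finding)
```

Checking the header rather than the extension matters because a shortcut renamed to `.txt` or `.pdf` still runs as a shortcut once Explorer sees the LNK header; the `ext_mismatch` flag surfaces exactly that case.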
Signatures

- Koiloader family
- Koistealer family
- Detects KoiLoader payload
- Detects KoiStealer payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Indicator Removal: Clear Persistence
  Clears artifacts associated with previously established persistence, such as scheduled tasks, on the host.
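The last two signatures describe behaviour rather than exact commands. As an added example (not part of the sandbox report), the Python below runs detection logic for that behaviour, together with the extracted network IOCs, over a few constructed process-creation and proxy events. The command-line patterns and the `Control Panel\International\Geo` registry path are assumptions about how such behaviour typically appears in logs; the report itself does not name the registry key or the commands the sample ran.

```python
"""Detection logic for the reported host behaviours (persistence cleanup,
registry country-code lookup) and the extracted network IOCs, run over
constructed log events."""
import re
from typing import Optional
from urllib.parse import urlsplit

# Network IOCs taken from the extracted malware config above.
NETWORK_IOCS = {
    "http://185.62.56.10/trounced.php": "koiloader",
    "https://www.wilkinsonbeane.com/css/slider": "payload_url",
}
IOC_HOSTS = {urlsplit(u).hostname: fam for u, fam in NETWORK_IOCS.items()}

# Assumed command-line patterns for "Clear Persistence"; the report names
# the behaviour, not the commands used.
CLEAR_PERSISTENCE = [
    re.compile(r"schtasks(?:\.exe)?\s+/delete\b", re.I),
    re.compile(r"Unregister-ScheduledTask\b", re.I),
    re.compile(r"reg(?:\.exe)?\s+delete\s+.*\\CurrentVersion\\Run\b", re.I),
]
# Assumed geofence indicator: the per-user country code lives under
# Control Panel\International\Geo; a script host reading it is suspicious.
GEO_LOOKUP = re.compile(r"Control Panel\\International\\Geo", re.I)


def classify_process(cmdline: str) -> list:
    """Return detection tags for one process command line."""
    tags = []
    if any(p.search(cmdline) for p in CLEAR_PERSISTENCE):
        tags.append("indicator_removal.clear_persistence")
    if GEO_LOOKUP.search(cmdline):
        tags.append("discovery.geofence_registry")
    return tags


def classify_network(url: str) -> Optional[str]:
    """Exact IOC match returns the family label; a hit on the IOC host alone
    returns '<label>-host' (a compromised legitimate site also serves benign
    paths, so treat that as lower confidence)."""
    if url in NETWORK_IOCS:
        return NETWORK_IOCS[url]
    host = urlsplit(url).hostname
    if host in IOC_HOSTS:
        return IOC_HOSTS[host] + "-host"
    return None


# Constructed sample events (not from the sandbox run): "<kind>\t<value>".
SAMPLE_EVENTS = """\
proc\tC:\\Windows\\System32\\cmd.exe /c schtasks /Delete /TN "Updater" /F
proc\tpowershell.exe -nop -w hidden -c "(Get-ItemProperty 'HKCU:\\Control Panel\\International\\Geo').Nation"
proc\tnotepad.exe C:\\Users\\user\\Desktop\\notes.txt
net\thttp://185.62.56.10/trounced.php
net\thttps://www.wilkinsonbeane.com/css/slider
net\thttps://www.wilkinsonbeane.com/index.html
net\thttps://example.org/
"""


def run_detections(events: str) -> list:
    """Apply both classifiers to tab-separated events; return (tag, value) alerts."""
    alerts = []
    for line in events.splitlines():
        kind, value = line.split("\t", 1)
        if kind == "proc":
            for tag in classify_process(value):
                alerts.append((tag, value))
        elif kind == "net":
            label = classify_network(value)
            if label:
                alerts.append(("network." + label, value))
    return alerts


if __name__ == "__main__":
    for tag, value in run_detections(SAMPLE_EVENTS):
        print(f"{tag:40} {value}")
```

The host-only match is kept separate from the exact-URL match on purpose: the payload URL sits on what looks like an ordinary website, so blocking or alerting on the whole host is a judgement call, while the exact `trounced.php` and `/css/slider` paths are the report's own indicators.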