General
-
Target
chase_may_statement.zip
-
Size
856B
-
Sample
250521-y7f14askz9
-
MD5
703c9ab297b4f6c2d97ecccf2295697f
-
SHA1
1d309647d121596d2a9a5bca27efa4cb3a77f17c
-
SHA256
e94ee95203d453093817a2f653b65e82781e16f9fe6001258c96f4cb545e466f
-
SHA512
0e48ec75073d6d2930b68932e876459c5d66cd1c9fda05161ffbfc984a68a32e0d4cf0ff2ba48e7abe54be1838d6cfe2e208bffcb5ac0e7df91844a4c0c5c5e3
Static task
static1
Behavioral task
behavioral1
Sample
chase_may_statement.lnk
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
chase_may_statement.lnk
Resource
win11-20250502-en
Malware Config
Extracted
https://www.entrepreneurshipvillage.com/wp-content/uploads/2021/02
Extracted
koiloader
http://193.23.219.255/relabel.php
-
payload_url
https://www.entrepreneurshipvillage.com/wp-content/uploads/2021/02
Targets
-
Target
chase_may_statement.lnk
-
Size
1KB
-
MD5
6ee8fd49c4dd5141531a3f7a20e0e7f9
-
SHA1
d882bedf16272cd898039255c36a54ef1a13eaa9
-
SHA256
5854c6560fe3bf47cad820d55fa798385439821c8c87b5b0df83995df320ab5b
-
SHA512
8936a6ff9c5e7f3e4a66dd2855cfc4315053496c33f8edb860b921d5b7d205afab2b8612fa381a00b9bdd480f633377843dc85231186d3324972ea6cf37a4404
Score 10/10
Koiloader family
-
Detects KoiLoader payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Indicator Removal: Clear Persistence
Clear artifacts associated with previously established persistence like scheduled tasks on a host.
-