General
-
Target
https://sites.google.com/view/upload-service-jf8ci/docs?file=45977688
-
Sample
250522-dkkqjsfm3w
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://sites.google.com/view/upload-service-jf8ci/docs?file=45977688
Resource
win10v2004-20250502-en
Malware Config
Extracted
https://www.entrepreneurshipvillage.com/wp-content/uploads/2021/02
Extracted
koiloader
http://193.23.219.255/relabel.php
-
payload_url
https://www.entrepreneurshipvillage.com/wp-content/uploads/2021/02
Targets
-
-
Target
https://sites.google.com/view/upload-service-jf8ci/docs?file=45977688
Score10/10-
Koiloader family
-
Detects KoiLoader payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Indicator Removal: Clear Persistence
Clear artifacts associated with previously established persistence like scheduletasks on a host.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v16
Execution
Command and Scripting Interpreter
2JavaScript
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1