Unraveling Not AZORult but Koi Loader: A Precursor to Koi Stealer
Did some analysis on #KoiLoader which ultimately led to #KoiStealer. Warning ⚠️ It is not AZORult.
The blog: esentire.com/blog/unravelin…
eSentire Threat Intel
Unit 42 A #pcap of the #KoiLoader / #KoiStealer infection traffic and the associated malware samples are available at malware-traffic-analysis.net/2024/04/04/ind…
Brian McGough Unit 42 Thanks! I rummaged around and found one of those URLs for the bank-themed #KoiLoader / #KoiStealer zip archives.
2024-04-04 (Thursday): We generated an infection in a lab environment based on the latest round of #KoiLoader / #KoiStealer activity. Initial bank-themed lures started earlier this week on 2024-04-02. Some indicators available at bit.ly/3PQut3r
#Unit42ThreatIntel
We have discovered another wave of the banking-themed campaign, which has been active since December 2023.
#koistealer #koiloader #malware #infostealer
CC Brad
\_(ʘ_ʘ)_/ We've been having a discussion about this; it's actually #KoiLoader / #KoiStealer. The AZORult identification was based on an article from 2023, but the code and the traffic don't really match what we'd seen before with AZORult. Thread: twitter.com/RussianPanda9x…
RussianPanda 🐼 🇺🇦 Hello, Ann. There's this new kind of malware called KoiStealer that has popped up in the cyber world lately. It's a pretty nasty piece of software because not only does it steal information, but it also has a special liking for getting into cryptocurrency wallets.
RussianPanda 🐼 🇺🇦 Here is some more info: securityaffairs.com/144092/malware…
We have been tracking KoiLoader/KoiStealer as well. It's not very common, but it's a thing.