koiloader | 9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c | Triage

Submit
Reports

Overview

overview

Static

static

1

9e1c9678aa...17c.js

windows7-x64

3

9e1c9678aa...17c.js

windows10-2004-x64

Sharing

General

Target

9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c.js
Size

1KB
Sample

240606-re8gbaga84
MD5

e2e9bf7a7dcfe1d55a43229add47520b
SHA1

f668de5e1e1090b831a6e8d8f08a9107234ab77f
SHA256

9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c
SHA512

97eee0d2c2c71e53418323511599dc4a94f82633dff83b153a271eaa24b918a6c53544b20f51d3de4b2c5a4f0b442eb1edbb2706c9591463c1982f44e580deec

Score

10^/10

koiloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c.js

Resource

win7-20240221-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c.js

Resource

win10v2004-20240426-en

koiloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

koiloader

C2

http://81.19.141.115/marasmus.php

Attributes

payload_url
https://www.dsestimation.com/wp-content/uploads/2015/10

Targets

- Target
  
  9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c.js
- Size
  
  1KB
- MD5
  
  e2e9bf7a7dcfe1d55a43229add47520b
- SHA1
  
  f668de5e1e1090b831a6e8d8f08a9107234ab77f
- SHA256
  
  9e1c9678aa1a203879ea5e93fd18f2831f6168ebf2d1f62680091bc21fc4217c
- SHA512
  
  97eee0d2c2c71e53418323511599dc4a94f82633dff83b153a271eaa24b918a6c53544b20f51d3de4b2c5a4f0b442eb1edbb2706c9591463c1982f44e580deec
Score

10^/10

execution koiloader loader
- KoiLoader
  KoiLoader is a malware loader written in C++.
  loader koiloader
- Detects KoiLoader payload
  loader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

koiloaderexecutionloader

© 2018-2024

Terms | Privacy