koiloader | f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37 | Triage

Submit
Reports

Overview

overview

Static

static

1

f2fa65752c...b37.js

windows7-x64

3

f2fa65752c...b37.js

windows10-2004-x64

Sharing

General

Target

f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37.unknown
Size

1KB
Sample

240612-c1yfxaygpq
MD5

b8b73de27d87836914a258507b8066cc
SHA1

bb10873bfb35fb2d7ffb2942bba35d65068f6f70
SHA256

f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37
SHA512

085fdbe93fb90614701bd5361933e47e3a2992e9d2fe6379b5e1c60e51628ee05b988ca8fac171d0b11f1485efb21b995f0262097e18708a6b062256d6a66c0b

Score

10^/10

koiloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37.js

Resource

win7-20240611-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37.js

Resource

win10v2004-20240611-en

koiloader execution loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

koiloader

C2

http://89.251.22.227/guacos.php

Attributes

payload_url
https://lechiavetteusb.it/imgs/usb/logo

Targets

- Target
  
  f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37.unknown
- Size
  
  1KB
- MD5
  
  b8b73de27d87836914a258507b8066cc
- SHA1
  
  bb10873bfb35fb2d7ffb2942bba35d65068f6f70
- SHA256
  
  f2fa65752c20d58faf3a9546ef3a1792565a075e9e64b65a7921875c1300fb37
- SHA512
  
  085fdbe93fb90614701bd5361933e47e3a2992e9d2fe6379b5e1c60e51628ee05b988ca8fac171d0b11f1485efb21b995f0262097e18708a6b062256d6a66c0b
Score

10^/10

execution koiloader loader
- KoiLoader
  KoiLoader is a malware loader written in C++.
  loader koiloader
- Detects KoiLoader payload
  loader
- Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

koiloaderexecutionloader

© 2018-2024

Terms | Privacy