koiloader | fd64e712eac0c7d5fdec9a1f47c1f384a67a181c13e3e98ff40ee122e9ff8347 | Triage

Sharing

General

Target

helper.exe
Size

220KB
Sample

241027-xfqwjsyjgm
MD5

bc0523db21c69a68ba3e7bfc4711f969
SHA1

8308433cb92810bcd6f220e7b6083c778e00fe12
SHA256

fd64e712eac0c7d5fdec9a1f47c1f384a67a181c13e3e98ff40ee122e9ff8347
SHA512

43100772d1684ccdc4bef874d19f2d739c30bf36cbad997a6da1693a3600f0f3c07a76a72cd3dfe18fe053cb9fe2af7130180c5416b8a39b81593cbf88db695a
SSDEEP

3072:emLd2f5yZBRE34J8Quhn0o2lGPetr2MVzfeSUESPt30+98Z/KU9pGAn2NphPK:f5EOb38QS2/ZCSU/Pe+98ZKU9pG/Np

Score

10^/10

koiloader discovery loader

Malware Config

Extracted

Family

koiloader

C2

http://45.90.58.1/config.php

Attributes

payload_url
https://nrgtik.mx/wp-content/uploads

Targets

- Target
  
  helper.exe
- Size
  
  220KB
- MD5
  
  bc0523db21c69a68ba3e7bfc4711f969
- SHA1
  
  8308433cb92810bcd6f220e7b6083c778e00fe12
- SHA256
  
  fd64e712eac0c7d5fdec9a1f47c1f384a67a181c13e3e98ff40ee122e9ff8347
- SHA512
  
  43100772d1684ccdc4bef874d19f2d739c30bf36cbad997a6da1693a3600f0f3c07a76a72cd3dfe18fe053cb9fe2af7130180c5416b8a39b81593cbf88db695a
- SSDEEP
  
  3072:emLd2f5yZBRE34J8Quhn0o2lGPetr2MVzfeSUESPt30+98Z/KU9pGAn2NphPK:f5EOb38QS2/ZCSU/Pe+98ZKU9pG/Np
Score

10^/10

koiloader discovery loader
- KoiLoader
  KoiLoader is a malware loader written in C++.
  loader koiloader
- Koiloader family
  koiloader
- Detects KoiLoader payload
  loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

koiloaderdiscoveryloader

behavioral2

koiloaderdiscoveryloader