Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

9ee3acebaa...39.lnk

windows7-x64

10

9ee3acebaa...39.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9ee3acebaae539dc60ea9321cfcf27451f6f05afc80ae7f7a959f76a8d587839.lnk

  • Size

    3KB

  • Sample

    241203-j6b87axjbz

  • MD5

    f7f1052c9d09d61490d8f116238af21e

  • SHA1

    0f2550bb03f31716232de245a02823885f529e09

  • SHA256

    9ee3acebaae539dc60ea9321cfcf27451f6f05afc80ae7f7a959f76a8d587839

  • SHA512

    51737afa22f193a892525226575877a0893521ffd3dec18542a7f2b0cdef5807f736ae4458a5cf7f306c8e033fdacea870d9527529172f74cbbdbcde8a646568

Score
10/10
koiloaderdefense_evasiondiscoveryexecutionloader

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://www.italialife24.it/wp-content/uploads/2021/05/triazoicuTsQo.php
exe.dropper

https://www.italialife24.it/wp-content/uploads/2021/05/butterfliesxH2dz.php

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://www.italialife24.it/wp-content/uploads/2021/05/stepPCj5H.php
exe.dropper

https://www.italialife24.it/wp-content/uploads/2021/05/untrippingvT.ps1

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://www.italialife24.it/wp-content/uploads/2021/05/stepPCj5H.php
exe.dropper

https://www.italialife24.it/wp-content/uploads/2021/05/untrippingvT.ps1

Extracted

Family

koiloader

C2

http://195.123.217.43/oversate.php

Attributes
  • payload_url

    https://www.italialife24.it/wp-content/uploads/2021/05

Targets

    • Target

      9ee3acebaae539dc60ea9321cfcf27451f6f05afc80ae7f7a959f76a8d587839.lnk

    • Size

      3KB

    • MD5

      f7f1052c9d09d61490d8f116238af21e

    • SHA1

      0f2550bb03f31716232de245a02823885f529e09

    • SHA256

      9ee3acebaae539dc60ea9321cfcf27451f6f05afc80ae7f7a959f76a8d587839

    • SHA512

      51737afa22f193a892525226575877a0893521ffd3dec18542a7f2b0cdef5807f736ae4458a5cf7f306c8e033fdacea870d9527529172f74cbbdbcde8a646568

    Score
    10/10
    executionkoiloaderdefense_evasiondiscoveryloader

    • KoiLoader

      KoiLoader is a malware loader written in C++.

      loaderkoiloader

    • Koiloader family

      koiloader

    • Detects KoiLoader payload

      loader

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Indicator Removal: Clear Persistence

      Clear artifacts associated with previously established persistence like scheduletasks on a host.

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks