Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

trigger.js

windows7-x64

10

trigger.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    trigger.js

  • Size

    1KB

  • Sample

    250313-snkmaayl19

  • MD5

    e1d3dafb61e3ccceb928c4b583445826

  • SHA1

    008eb8905da7838bcd8380f259794ec3ad26c9cd

  • SHA256

    d9d8088e85136f539f6db8397f2b3b0664fcdc66d93effbe81978b04dfdb24c6

  • SHA512

    960f3179e597920a8e2d79a30816fbe64c5bbeb35525e1366dfe3246905adb629699a61e5d130a5370e081666207ecccefceebb4227ecce5029556c25d26b135

Score
10/10
koiloaderdiscoveryexecutionloader

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://casettalecese.it/wp-content/uploads/2022/10

Extracted

Family

koiloader

C2

http://94.247.42.253/pilot.php

Attributes
  • payload_url

    https://casettalecese.it/wp-content/uploads/2022/10

Targets

    • Target

      trigger.js

    • Size

      1KB

    • MD5

      e1d3dafb61e3ccceb928c4b583445826

    • SHA1

      008eb8905da7838bcd8380f259794ec3ad26c9cd

    • SHA256

      d9d8088e85136f539f6db8397f2b3b0664fcdc66d93effbe81978b04dfdb24c6

    • SHA512

      960f3179e597920a8e2d79a30816fbe64c5bbeb35525e1366dfe3246905adb629699a61e5d130a5370e081666207ecccefceebb4227ecce5029556c25d26b135

    Score
    10/10
    discoveryexecutionkoiloaderloader

    • KoiLoader

      KoiLoader is a malware loader written in C++.

      loaderkoiloader

    • Koiloader family

      koiloader

    • Detects KoiLoader payload

      loader

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks