KoiLoader
KoiLoader 2024 PowerShell LotL loader. sd4.ps1. 37.49.226.113 C2. 0xc2 XOR key. AgentTesla AsyncRAT payload.
Threat Profile
Type: Loader
Programming Language: PowerShell
C2 Protocol: HTTP
First Seen: 2024
Targets
Global
Purpose / Capabilities
- Loader/Downloader
C2 Servers (1)
1 Active
| Address | Port | Protocol | Status |
|---|---|---|---|
| 37.49.226.113 | 80 | HTTP | Active |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (1)
KoiLoader -- sd4.ps1 PowerShell, 37.49.226.113/index.php C2, 0xc2 XOR Key Sequence | High
KoiLoader 478KB sd4.ps1 PowerShell downloader. 37.49.226.113/index.php C2. 0xc2 0x48 0x96 XOR key byte sequence.