KoiLoader

KoiLoader 2024 PowerShell LotL loader. sd4.ps1. 37.49.226.113 C2. 0xc2 XOR key. AgentTesla AsyncRAT payload.

Threat Profile
Type: Loader
Programming Language: PowerShell
C2 Protocol: HTTP
First Seen: 2024
Targets: Global
Purpose / Capabilities
  • Loader/Downloader

C2 Servers 1

1 Active
Address Port Protocol Status
37.49.226.113 80 HTTP Active

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (1)

High

KoiLoader -- sd4.ps1 PowerShell, 37.49.226.113/index.php C2, 0xc2 XOR Key Sequence | High

KoiLoader 478KB sd4.ps1 PowerShell downloader. 37.49.226.113/index.php C2. 0xc2 0x48 0x96 XOR key byte sequence.