wikiloader | bef04e3b2b81f2dee39c42ab9be781f3db0059ec722aeee3b5434c2e63512a68 | Triage

Resubmissions

28/01/2024, 15:06

240128-sg3jhsdhgm 6

28/01/2024, 15:00

240128-sdn7qacba7 6

26/01/2024, 12:16

240126-pfs2xaegbk 10

26/01/2024, 12:02

240126-n7p9nadbb2 1

17/01/2024, 19:57

240117-yn88jadfbj 5

17/01/2024, 19:56

240117-ynp5naebg9 1

16/01/2024, 18:32

240116-w6l5lshdb7 6

Sharing

General

Target

npp.8.6.portable.x64.zip
Size

8.2MB
Sample

240126-pfs2xaegbk
MD5

1430e019ef31cb88eb3347a88e97b39a
SHA1

0d63b6f69f2c0a866015c48ebb38cd7ce0f00730
SHA256

bef04e3b2b81f2dee39c42ab9be781f3db0059ec722aeee3b5434c2e63512a68
SHA512

8b5bbf714d441fa336fe0fb5f8f7b3a5836e20f0160c7dfddc3f0eac6da3ad9695ae8b9354853bfed70050a0288494a3dc3590d08ecec76280b84f013e092be2
SSDEEP

196608:6TaWKqkGTSOwUDhLDqIwOnburMbf/PHU7rxefMsax9WR0:6Tab9Ow2qlOpf3UZef2x9WR0

Score

10^/10

wikiloader backdoor loader

Malware Config

Extracted

Family

wikiloader

C2

https://thichgiban.com/8sjdtu.php?id=1

https://kashmirworldwide.com/ilw4kl.php?id=1

https://thekostenfamilys.com/m1b7o3.php?id=1

https://multitraders.net/yv7clr.php?id=1

Targets

- Target
  
  npp.8.6.portable.x64/notepad.exe
- Size
  
  6.8MB
- MD5
  
  ae07a5be89978600f3094c66ac719eb2
- SHA1
  
  a281e662b6d1cca0d54cab01a0064b62e7f1f103
- SHA256
  
  746bbdd8c754b0ac18a226d2a1cc68792c948033932f5723981a2b5f5684d310
- SHA512
  
  d90f42fb42cf2f5f3ca8d25603666a5b73f11fcc3404597b1c023768cf21083abe0d2b19f3ae2499fba469474e818200ca9937b48ee5406f15bd6f9ea3996151
- SSDEEP
  
  49152:MuX8nT7KkzbaJ/I1ER5S/qlC1VQHqpyhdRoMSoAMMho/WVEK7yToMoK2w74CS5hg:5/ICR5wPy+elgIXoGJUR6eP4mTr/moG
Score

10^/10

wikiloader backdoor loader
- Wikiloader
  Wikiloader is a loader and backdoor written in C++.
  loader backdoor wikiloader
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

wikiloaderbackdoorloader