wikiloader | a3a267aa6f5b0ade2e4829ba18a1baa5bf9a622b49767c1f849090d9263ff68d | Triage

Resubmissions

08/02/2024, 09:22

240208-lcd7ssdd32 10

08/02/2024, 02:25

240208-cwq62adgdl 6

07/02/2024, 17:55

240207-whf9fsac74 6

Sharing

General

Target

1_npp.8.6.portable.x64.zip
Size

8.1MB
Sample

240208-lcd7ssdd32
MD5

daca6a61e1d5128ddf36e0fbce38570f
SHA1

629b61a44b4412a2bd18abc508ad46069779a83f
SHA256

a3a267aa6f5b0ade2e4829ba18a1baa5bf9a622b49767c1f849090d9263ff68d
SHA512

f9d931721bb0099c06ab7cddeca26bb228ac1c0c0e1652fb2f2f9ba0958c75a052e4b54ad350c0b95aa1d0f981d9678bc5b4457a056650ce0932b6401a2a5f44
SSDEEP

196608:+TLcWKqkGTSOwUD4LDqIwOnburMbf/PHU7r3fMsax9WRz:+TAb9OwLqlOpf3UPf2x9WRz

Score

10^/10

wikiloader backdoor loader persistence

Malware Config

Extracted

Family

wikiloader

C2

https://jubileemovement.org/wp-content/themes/twentytwentyone/3jubhh.php?id=1

https://helpforhypnotherapists.com/wp-content/themes/twentytwenty/zaevgn.php?id=1

https://1oneventos.com/wp-content/themes/twentytwentyone/vu0bkq.php?id=1

https://www.dicatindustrial.com/wp-content/themes/twentyseventeen/et3tah.php?id=1

Targets

- Target
  
  npp.8.6.portable.x64/notepad.exe
- Size
  
  6.8MB
- MD5
  
  ae07a5be89978600f3094c66ac719eb2
- SHA1
  
  a281e662b6d1cca0d54cab01a0064b62e7f1f103
- SHA256
  
  746bbdd8c754b0ac18a226d2a1cc68792c948033932f5723981a2b5f5684d310
- SHA512
  
  d90f42fb42cf2f5f3ca8d25603666a5b73f11fcc3404597b1c023768cf21083abe0d2b19f3ae2499fba469474e818200ca9937b48ee5406f15bd6f9ea3996151
- SSDEEP
  
  49152:MuX8nT7KkzbaJ/I1ER5S/qlC1VQHqpyhdRoMSoAMMho/WVEK7yToMoK2w74CS5hg:5/ICR5wPy+elgIXoGJUR6eP4mTr/moG
Score

10^/10

wikiloader backdoor loader persistence
- Wikiloader
  Wikiloader is a loader and backdoor written in C++.
  loader backdoor wikiloader
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Installed Components in the registry
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wikiloaderbackdoorloaderpersistence