General
Target: 15022024_2247_temp1502_02.bin
Size: 103KB
Sample: 240215-r593tshd9z
MD5: 949bcd2467d36403cff9c9736a8f7cf2
SHA1: e6bacd6b4c4d77ae7009a19663d766c0029b7b59
SHA256: de3b9f377e53fdc9962d2c2423f446ba9e46c3e4e577d8aeee592a15716085bb
SHA512: 27cf881753abd93dae5070f731286a0418d4e379ee6c7ab00250ce141c6689596f40360076b1038891d91660c3720f0427e5e5ca932bb6261151234ffc4c7d93
SSDEEP: 3072:B34CUVJOy/cTw+75hv7O41Y2n33rO/jm:B34CcOymhv7p33
Static task: static1
Behavioral task: behavioral1
  Sample: 15022024_2247_temp1502_02.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 15022024_2247_temp1502_02.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
wikiloader
https://miguelkhoury.com/web/wp-content/themes/twentytwenty/ayboiw.php?id=1
https://mesabierta.org/wp-content/themes/twentytwentyone/nhdxtk.php?id=1
https://mediterraneaclean.com/wp-content/themes/twentythirteen/hcslmt.php?id=1
https://www.joannamalecka.pl/wp-content/themes/twentytwenty/u7arje.php?id=1
Targets
Target: 15022024_2247_temp1502_02.bin
Score: 10/10
Modifies Installed Components in the registry
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of NtCreateThreadExHideFromDebugger