wikiloader | de3b9f377e53fdc9962d2c2423f446ba9e46c3e4e577d8aeee592a15716085bb | Triage

Submit
Reports

Overview

overview

Static

static

3

15022024_2...02.exe

windows7-x64

1

15022024_2...02.exe

windows10-2004-x64

Sharing

General

Target

15022024_2247_temp1502_02.bin
Size

103KB
Sample

240215-r593tshd9z
MD5

949bcd2467d36403cff9c9736a8f7cf2
SHA1

e6bacd6b4c4d77ae7009a19663d766c0029b7b59
SHA256

de3b9f377e53fdc9962d2c2423f446ba9e46c3e4e577d8aeee592a15716085bb
SHA512

27cf881753abd93dae5070f731286a0418d4e379ee6c7ab00250ce141c6689596f40360076b1038891d91660c3720f0427e5e5ca932bb6261151234ffc4c7d93
SSDEEP

3072:B34CUVJOy/cTw+75hv7O41Y2n33rO/jm:B34CcOymhv7p33

Score

10^/10

wikiloader backdoor loader persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

15022024_2247_temp1502_02.exe

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

15022024_2247_temp1502_02.exe

Resource

win10v2004-20231215-en

wikiloader backdoor loader persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

wikiloader

C2

https://miguelkhoury.com/web/wp-content/themes/twentytwenty/ayboiw.php?id=1

https://mesabierta.org/wp-content/themes/twentytwentyone/nhdxtk.php?id=1

https://mediterraneaclean.com/wp-content/themes/twentythirteen/hcslmt.php?id=1

https://www.joannamalecka.pl/wp-content/themes/twentytwenty/u7arje.php?id=1

Targets

- Target
  
  15022024_2247_temp1502_02.bin
- Size
  
  103KB
- MD5
  
  949bcd2467d36403cff9c9736a8f7cf2
- SHA1
  
  e6bacd6b4c4d77ae7009a19663d766c0029b7b59
- SHA256
  
  de3b9f377e53fdc9962d2c2423f446ba9e46c3e4e577d8aeee592a15716085bb
- SHA512
  
  27cf881753abd93dae5070f731286a0418d4e379ee6c7ab00250ce141c6689596f40360076b1038891d91660c3720f0427e5e5ca932bb6261151234ffc4c7d93
- SSDEEP
  
  3072:B34CUVJOy/cTw+75hv7O41Y2n33rO/jm:B34CcOymhv7p33
Score

10^/10

wikiloader backdoor loader persistence
- Wikiloader
  Wikiloader is a loader and backdoor written in C++.
  loader backdoor wikiloader
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

wikiloaderbackdoorloaderpersistence

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.