Overview

overview

10

Static

static

1

npp.8.6.po...el.exe

windows10-2004-x64

1

npp.8.6.po...ad.exe

windows10-2004-x64

10

npp.8.6.po...UP.exe

windows10-2004-x64

1

Resubmissions

15/02/2024, 20:41

240215-zgk3ssgf58 10

15/02/2024, 15:00

240215-sdbavshf7v 6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4_npp.8.6.portable.x64.zip

  • Size

    8.1MB

  • Sample

    240215-zgk3ssgf58

  • MD5

    f02194a9b940dc9dcbae68ea86e5b766

  • SHA1

    73f6102d53637c3cfafb3262133684c9369fef7c

  • SHA256

    e4ac8bb0302535061a238b09e6e3a7ca14300439bfa72608a580987702ee8552

  • SHA512

    8eb323d56dda5bb240a61bc833bff7103f5abfb45cbf0ec67a185aa1d1d293cb84bb9228b44e1bf4492460a6449b1155df93d444d7256eff9925ea9318d55bdb

  • SSDEEP

    196608:7TkWKqkGTSOwUD4LDqIwOnburMbf/PHU7rafMsax9WRO:7Tkb9OwLqlOpf3Uyf2x9WRO

Score
10/10
wikiloaderbackdoorloaderpersistence

Malware Config

Extracted

Family

wikiloader

C2

https://miguelkhoury.com/web/wp-content/themes/twentytwenty/ayboiw.php?id=1

https://mesabierta.org/wp-content/themes/twentytwentyone/nhdxtk.php?id=1

https://mediterraneaclean.com/wp-content/themes/twentythirteen/hcslmt.php?id=1

https://www.joannamalecka.pl/wp-content/themes/twentytwenty/u7arje.php?id=1

Targets

    • Target

      npp.8.6.portable.x64/contextModel.html

    • Size

      2.6MB

    • MD5

      8f28087d8d0e716368314c2f1a159280

    • SHA1

      7e383ae0f632c02ef98168b6c1a33fd449d6c393

    • SHA256

      0b3731c524e6ba716f15087d85eae7e6225b6b51d4ae2fa6c142ff1523f57046

    • SHA512

      aa21ab18a12a69ff25b24b1c255b0bdc7961985150b07a7f3f4b0909e212295bd781548cd8ea817f3144dfad845aff93df40a513bdb637db7b89bb08fff01eab

    • SSDEEP

      49152:C+sGc1TASKVbmYIBotpg0TunuNeeigv0XIMw4h2pk4PxKS5VinRfepLm7j5:WTAfVbwotpgruNeW0VHhL3S5VicLaj5

    Score
    1/10
    behavioral1

    • Target

      npp.8.6.portable.x64/notepad.exe

    • Size

      6.8MB

    • MD5

      ae07a5be89978600f3094c66ac719eb2

    • SHA1

      a281e662b6d1cca0d54cab01a0064b62e7f1f103

    • SHA256

      746bbdd8c754b0ac18a226d2a1cc68792c948033932f5723981a2b5f5684d310

    • SHA512

      d90f42fb42cf2f5f3ca8d25603666a5b73f11fcc3404597b1c023768cf21083abe0d2b19f3ae2499fba469474e818200ca9937b48ee5406f15bd6f9ea3996151

    • SSDEEP

      49152:MuX8nT7KkzbaJ/I1ER5S/qlC1VQHqpyhdRoMSoAMMho/WVEK7yToMoK2w74CS5hg:5/ICR5wPy+elgIXoGJUR6eP4mTr/moG

    Score
    10/10
    wikiloaderbackdoorloaderpersistence

    • Wikiloader

      Wikiloader is a loader and backdoor written in C++.

      loaderbackdoorwikiloader

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies Installed Components in the registry

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral2

    • Target

      npp.8.6.portable.x64/updater/GUP.exe

    • Size

      818KB

    • MD5

      e9be0bc06725c372140838245805dc66

    • SHA1

      6eafbbefe6d2b5b6c8fc39dac54881b5f2e61735

    • SHA256

      8038960c66ec29e9ee0f027491c8349a158025faee39d069219b5a3297134197

    • SHA512

      14831f538f5afd80689db24f7536ef725b75ce235a1ccb7f6795440819461d038cede5beeebd28ffbf9618ae984a0f347a9ffe4c0c10da7b914022174a1688e2

    • SSDEEP

      12288:KySK0M5qRxaBr5wFNbgpA0WUVzOR63AczZXBS3CNmBDIOh68ADKbp34zZZ6dNNoq:7qMo2aWqT2KbpIFZ6PNeTw

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks