wikiloader | 4552e84edd73799b3a6e8e6d8ad0cb231d44241748ecb072c82ee9211728236c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

npp.8.6.3....ad.exe

windows10-2004-x64

Resubmissions

26/02/2024, 07:27

240226-jabb1sge2s 10

23/02/2024, 05:04

240223-fqsdpabe3z 6

Sharing

General

Target

4552e84edd73799b3a6e8e6d8ad0cb231d44241748ecb072c82ee9211728236c.zip
Size

8.5MB
Sample

240226-jabb1sge2s
MD5

c4ac3b4ce7aa4ca1234d2d3787323de2
SHA1

e11ae6392aebab8a878bf4bfa3f6e68ced0c6658
SHA256

4552e84edd73799b3a6e8e6d8ad0cb231d44241748ecb072c82ee9211728236c
SHA512

97fe2c0985cd4b6e326704da10ea9bd18a6a7195d1f15337101a818982c5a10192f241004c65c79bab2d18d485c8601fd27bbeb76824e4a1f880ee9fa8baf11c
SSDEEP

196608:07rHWKqkGTSOwUD7sR3M4KBCmbhOj+UIs1mkSW4VrnJt:07rHb9OwnRX0lTsU3VrnJt

Score

10^/10

wikiloader backdoor loader

Static task

static1

Behavioral task

behavioral1

Sample

npp.8.6.3.portable.x64/notepad.exe

Resource

win10v2004-20240221-en

wikiloader backdoor loader

windows10-2004-x64

6 signatures

1200 seconds

Malware Config

Extracted

Family

wikiloader

C2

https://carritosdelacompra.com/wp-content/themes/twentytwentytwo/nnzknr.php?id=1

https://propertystats.net/wp-content/themes/twentytwentythree/hyhnv3.php?id=1

https://www.erasnetwork.eu/wp-content/themes/twentytwentyfour/dqyzqp.php?id=1

https://www.marioagozzino.it/wp-content/themes/twentytwentyfour/c2hitq.php?id=1

Targets

- Target
  
  npp.8.6.3.portable.x64/notepad.exe
- Size
  
  6.9MB
- MD5
  
  2cd84602fc2428e0db00dbce5e20dc80
- SHA1
  
  965a62dbba7cbb95b6a7694dc33963ffb105819a
- SHA256
  
  4e271372528a9b439d99a7376fc1ac9c67884226a2f7bcbe2f68694c80548287
- SHA512
  
  a6f715224a5e9ffb35833591bdc5cf1b76da479c2a6fd2108d921526708f918e6d5d2e9569c879d1d4c76e4606cdd271364b6f85acd8c811439bd08b61665fd2
- SSDEEP
  
  98304:QtGdbdZUv5vuLYgtbUK5b8PTnwe65w/mod:Rdbvou8guK52TP6525
Score

10^/10

wikiloader backdoor loader
- Wikiloader
  Wikiloader is a loader and backdoor written in C++.
  loader backdoor wikiloader
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

wikiloaderbackdoorloader

© 2018-2025

Terms | Privacy