wikiloader | efd7b1dfb4264ee74ed4d74cbb8d56c82daeef4363536e25c32bc58da63861c0 | Triage

Resubmissions

08/03/2024, 07:02

240308-ht7c5aah7z 10

08/03/2024, 07:01

240308-hthprsah7v 1

07/03/2024, 18:00

240307-wlc17shf25 6

Sharing

General

Target

1_npp.8.6.3.portable.x64.zip
Size

8.5MB
Sample

240308-ht7c5aah7z
MD5

74a2610a4b507b142a58b28e4e4bb324
SHA1

8c0d6f358fba7edb9bf22b36fa9051284616681e
SHA256

efd7b1dfb4264ee74ed4d74cbb8d56c82daeef4363536e25c32bc58da63861c0
SHA512

4f09c805d361655a3d27d3705777fe8d6e1e1697f7b57958b4d98827eede63aff6e6df92309e161c3ad502adfd5668ddec623717666c5c650aae35489347075e
SSDEEP

196608:e7HWKqkGTSOwUD7sR3M4KBCmbhOj+UIs1mkSK4VrnJP:e7Hb9OwnRX0lTsUHVrnJP

Score

10^/10

wikiloader backdoor loader persistence

Malware Config

Extracted

Family

wikiloader

C2

https://criaturafantastica.com/wp-content/themes/twentytwentyfour/iaawld.php?id=1

https://wxgrant.com/wp-content/themes/twentytwentyone/ifzgav.php?id=1

https://www.nsglamour.de/wp-content/themes/twentytwentythree/u7koxg.php?id=1

https://mrs-batiment.com/wp-content/themes/twentytwenty/tlsgvu.php?id=1

Targets

- Target
  
  npp.8.6.3.portable.x64/notepad.exe
- Size
  
  6.9MB
- MD5
  
  2cd84602fc2428e0db00dbce5e20dc80
- SHA1
  
  965a62dbba7cbb95b6a7694dc33963ffb105819a
- SHA256
  
  4e271372528a9b439d99a7376fc1ac9c67884226a2f7bcbe2f68694c80548287
- SHA512
  
  a6f715224a5e9ffb35833591bdc5cf1b76da479c2a6fd2108d921526708f918e6d5d2e9569c879d1d4c76e4606cdd271364b6f85acd8c811439bd08b61665fd2
- SSDEEP
  
  98304:QtGdbdZUv5vuLYgtbUK5b8PTnwe65w/mod:Rdbvou8guK52TP6525
Score

10^/10

wikiloader backdoor loader persistence
- Wikiloader
  Wikiloader is a loader and backdoor written in C++.
  loader backdoor wikiloader
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Installed Components in the registry
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wikiloaderbackdoorloaderpersistence