
Resubmissions

  • 240321-pm75eada4v, submitted 21/03/2024, 12:27, score 10

  • 240321-cvlj6ahf67, submitted 21/03/2024, 02:23, score 6

General

  • Target

    5af95489c5c3c6e2643a4218543e6e39b62ed6c5b4c97cef9c812ba913d4f7f2.zip

  • Size

    8.2MB

  • Sample

    240321-pm75eada4v

  • MD5

    d29f25c4b162f6a19d4c6b96a540648c

  • SHA1

    12c8d43af0077c400fdf4d3e9c83fcef6111ba57

  • SHA256

    5af95489c5c3c6e2643a4218543e6e39b62ed6c5b4c97cef9c812ba913d4f7f2

  • SHA512

    f0fbe72f432699cb4840969cfef340cb44a422b2dd3e65388db5727e9c433f147b528d2b716aa16d0c668bdfef95876a5c67ab9b3d039feb12f5b05e375a0c01

  • SSDEEP

    196608:E2/WKqkGTSOwUDpZm4NPaRzviayZenDJuOGZW0wU/Z73zNT:E2/b9OwQmeaJiay8NuzW0F/Z73pT

Malware Config

Extracted

  • Family

    wikiloader

  • C2

    https://www.alabamacarhorns.com/wp-content/themes/twentytwentyfour/34uo7s.php?id=1

    https://13300.org/wp-content/themes/twentytwentythree/t51kkf.php?id=1

    https://alternativetracks.com/wp-content/themes/twentytwentyfour/c9wfar.php?id=1

    https://www.amysinger.com/wp-content/themes/twentyten/b9un4f.php?id=1

Targets

    • Target

      npp.8.6.4.portable.x64/notepad.exe

    • Size

      6.9MB

    • MD5

      8279706ad64d33bf4eceb2c1becef274

    • SHA1

      582cd15c2d1bf27da142ced63ffe490818bf4fa7

    • SHA256

      712abdd019cd2e4d96cee74d94eafba8f21ffc35c99a656c228a179ba6f5b310

    • SHA512

      69d5f5a2ceaa10a822d24af6c0cfba91804886c7fdb634931c2c6149dec29b98a7770fa7e3cb8630a525c088c39a84382ad30556aa9d4092e4b2e356af39cf9d

    • SSDEEP

      98304:1UZbk6fd56GkLWD9hWfa3s+wuP8ThKV/mo:ybkRVLUhWUz/PIK55

    • Wikiloader

      Wikiloader is a loader and backdoor written in C++.

    • Suspicious use of NtCreateThreadExHideFromDebugger
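Added example (not part of the Triage report and not WikiLoader code): a Python script that checks file hashes and proxied URLs against the IOCs listed above. The four extracted C2 URLs share one shape, an https URL under /wp-content/themes/<twenty* theme>/<six lowercase alphanumerics>.php with the query string id=1, so besides exact matches the script also flags URLs on hosts not in the list that fit that shape; those are leads to triage, not confirmed C2. The log format and every log line below are constructed for this example.

```python
"""Match SHA-256 hashes and URLs against the WikiLoader IOCs from the report.

Added example; the log format and sample lines are constructed, not captured.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Exact C2 URLs copied from the extracted config above.
C2_URLS = {
    "https://www.alabamacarhorns.com/wp-content/themes/twentytwentyfour/34uo7s.php?id=1",
    "https://13300.org/wp-content/themes/twentytwentythree/t51kkf.php?id=1",
    "https://alternativetracks.com/wp-content/themes/twentytwentyfour/c9wfar.php?id=1",
    "https://www.amysinger.com/wp-content/themes/twentyten/b9un4f.php?id=1",
}

# SHA-256 values copied from the report (archive and the trojanized binary).
SHA256_IOCS = {
    "5af95489c5c3c6e2643a4218543e6e39b62ed6c5b4c97cef9c812ba913d4f7f2":
        "sample archive",
    "712abdd019cd2e4d96cee74d94eafba8f21ffc35c99a656c228a179ba6f5b310":
        "npp.8.6.4.portable.x64/notepad.exe",
}

# Generalisation of the four C2 paths: a default WordPress "twenty*" theme
# directory followed by a six-character lowercase alphanumeric PHP file.
C2_PATH_RE = re.compile(r"^/wp-content/themes/twenty[a-z]+/[a-z0-9]{6}\.php$")


def classify_url(url):
    """Return 'known_c2' for an exact IOC, 'c2_pattern' for the shared shape,
    or None for anything else."""
    if url in C2_URLS:
        return "known_c2"
    parts = urlsplit(url)
    if (parts.scheme == "https"
            and C2_PATH_RE.match(parts.path)
            and parts.query == "id=1"):
        return "c2_pattern"
    return None


def sha256_of(data):
    """Hex SHA-256 of a byte string (use on file contents)."""
    return hashlib.sha256(data).hexdigest()


def match_sha256(hexdigest):
    """Return the IOC label for a SHA-256 hex digest, case-insensitively."""
    return SHA256_IOCS.get(hexdigest.lower())


def scan_log(lines):
    """Scan constructed proxy-log lines of the form
    '<epoch> <client_ip> <method> <url> <status>' and return a list of
    (line_number, verdict, hostname) for every URL that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip
        url = fields[3]
        verdict = classify_url(url)
        if verdict:
            hits.append((number, verdict, urlsplit(url).hostname))
    return hits


# Constructed sample log: one exact C2 hit, one benign download, one unseen
# host that fits the C2 shape, and one benign theme asset on that same host.
SAMPLE_LOG = [
    "1711021650 10.20.30.41 GET https://www.alabamacarhorns.com/wp-content/themes/twentytwentyfour/34uo7s.php?id=1 200",
    "1711021651 10.20.30.41 GET https://notepad-plus-plus.org/downloads/ 200",
    "1711021702 10.20.30.57 GET https://example-blog.test/wp-content/themes/twentytwentyone/x7k2pq.php?id=1 200",
    "1711021710 10.20.30.57 GET https://example-blog.test/wp-content/themes/twentytwentyone/style.css 200",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The pattern match only works where the proxy sees full URLs (TLS inspection or an endpoint agent that logs the request line); a plain CONNECT log shows the host only, so there the exact host names from C2_URLS are the only usable signal.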
