wikiloader | fb7c2352066b5009ee7832bfb2d4f9789b4926131c112e6dc3ab4fe89d94c314 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

npp.8.6.4....ad.exe

windows10-1703-x64

npp.8.6.4....ad.exe

windows10-2004-x64

npp.8.6.4....ad.exe

windows11-21h2-x64

Sharing

General

Target

3_npp.8.6.4.portable.x64.zip
Size

8.2MB
Sample

240326-wdsrpaah9z
MD5

98b51bf90629ecf87c135041abc04ba7
SHA1

cdbb1aa99b0b60bcc09517ed262d66fa68f8e36c
SHA256

fb7c2352066b5009ee7832bfb2d4f9789b4926131c112e6dc3ab4fe89d94c314
SHA512

7985756846f3cfe2871fc84fc417feb43cf46a43173910a384c02a39304ea7f95cf207a99602b83def6cbabc29168afd57d1ccf1f492563e3fbd270b905d0ba9
SSDEEP

196608:y2nWKqkGTSOwUDpZm4NPaRzviayZenDJuOGZWGU/Z73zNV:y2nb9OwQmeaJiay8NuzWX/Z73pV

Score

10^/10

wikiloader backdoor loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

npp.8.6.4.portable.x64/notepad.exe

Resource

win10-20240221-en

wikiloader backdoor loader persistence

windows10-1703-x64

15 signatures

1800 seconds

Behavioral task

behavioral2

Sample

npp.8.6.4.portable.x64/notepad.exe

Resource

win10v2004-20240226-en

wikiloader backdoor loader persistence

windows10-2004-x64

14 signatures

1800 seconds

Behavioral task

behavioral3

Sample

npp.8.6.4.portable.x64/notepad.exe

Resource

win11-20240221-en

wikiloader backdoor loader persistence

windows11-21h2-x64

17 signatures

1800 seconds

Malware Config

Extracted

Family

wikiloader

C2

https://www.alabamacarhorns.com/wp-content/themes/twentytwentyfour/34uo7s.php?id=1

https://13300.org/wp-content/themes/twentytwentythree/t51kkf.php?id=1

https://alternativetracks.com/wp-content/themes/twentytwentyfour/c9wfar.php?id=1

https://www.amysinger.com/wp-content/themes/twentyten/b9un4f.php?id=1

Targets

- Target
  
  npp.8.6.4.portable.x64/notepad.exe
- Size
  
  6.9MB
- MD5
  
  8279706ad64d33bf4eceb2c1becef274
- SHA1
  
  582cd15c2d1bf27da142ced63ffe490818bf4fa7
- SHA256
  
  712abdd019cd2e4d96cee74d94eafba8f21ffc35c99a656c228a179ba6f5b310
- SHA512
  
  69d5f5a2ceaa10a822d24af6c0cfba91804886c7fdb634931c2c6149dec29b98a7770fa7e3cb8630a525c088c39a84382ad30556aa9d4092e4b2e356af39cf9d
- SSDEEP
  
  98304:1UZbk6fd56GkLWD9hWfa3s+wuP8ThKV/mo:ybkRVLUhWUz/PIK55
Score

10^/10

wikiloader backdoor loader persistence
- Wikiloader
  Wikiloader is a loader and backdoor written in C++.
  loader backdoor wikiloader
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Installed Components in the registry
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wikiloaderbackdoorloaderpersistence

behavioral2

wikiloaderbackdoorloaderpersistence

behavioral3

wikiloaderbackdoorloaderpersistence

© 2018-2025

Terms | Privacy