wikiloader | cade322bf1c5f58f44d8970de70ca83cf53d2d6ab5e43f53a8ed26a343c95309 | Triage

Resubmissions

17/04/2024, 17:04

240417-vlpvbshe81 10

17/04/2024, 16:36

240417-t384vsfe75 6

Sharing

General

Target

1_npp.8.6.3.portable.x64.zip
Size

8.5MB
Sample

240417-vlpvbshe81
MD5

2bf7b316ba201c859d0e0b21722ac551
SHA1

602407aa754ef29b76d294922a83f320de4b19d5
SHA256

cade322bf1c5f58f44d8970de70ca83cf53d2d6ab5e43f53a8ed26a343c95309
SHA512

3f434c5bf630149d0c626f2142e1933325b6d930defea149982cd5ba5588be60a2667a809f81afddc62b975db3c2a95024b304c97f27e41866218a99bf5ea6b2
SSDEEP

196608:bzmu7WKqkGTSOwUDLMpvM4KBCmbhOj+UIs1mkSA1IND3RA:bznb9Ownp/0lTsUxND3RA

Score

10^/10

wikiloader backdoor loader persistence

Malware Config

Extracted

Family

wikiloader

C2

https://www.savetheworldpodcast.com/wp-content/themes/twentytwentyone/msecgc.php?id=1

https://retrobox.rocks/wp-content/themes/twentytwentyfour/vhpg2j.php?id=1

https://dreamerz.vn/wp-content/themes/twentytwentyone/0srbuw.php?id=1

https://www.briccodeldente.it/wp-content/themes/white-rock-progression/l3h0y5.php?id=1

Targets

- Target
  
  npp.8.6.3.portable.x64/notepad.exe
- Size
  
  6.9MB
- MD5
  
  2cd84602fc2428e0db00dbce5e20dc80
- SHA1
  
  965a62dbba7cbb95b6a7694dc33963ffb105819a
- SHA256
  
  4e271372528a9b439d99a7376fc1ac9c67884226a2f7bcbe2f68694c80548287
- SHA512
  
  a6f715224a5e9ffb35833591bdc5cf1b76da479c2a6fd2108d921526708f918e6d5d2e9569c879d1d4c76e4606cdd271364b6f85acd8c811439bd08b61665fd2
- SSDEEP
  
  98304:QtGdbdZUv5vuLYgtbUK5b8PTnwe65w/mod:Rdbvou8guK52TP6525
Score

10^/10

wikiloader backdoor loader persistence
- Wikiloader
  Wikiloader is a loader and backdoor written in C++.
  loader backdoor wikiloader
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Installed Components in the registry
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wikiloaderbackdoorloaderpersistence