Resubmissions

31/07/2024, 19:49

240731-yjqkmazfqp 10

30/04/2024, 21:42

240430-1kpe3agd3x 10

General

  • Target: 99fe6730862db95a23d5996996d99d55a809390b152bfdc15d617545016cbbe6.zip
  • Size: 8.5MB
  • Sample: 240430-1kpe3agd3x
  • MD5: 1914923016185375510ebe77c41de172
  • SHA1: 1526594013143e48da425decb19d7b4d00e85dc1
  • SHA256: 99fe6730862db95a23d5996996d99d55a809390b152bfdc15d617545016cbbe6
  • SHA512: 31232130dc9cc78e00dc38cf64c664bb2254afe75c14cb12bdc06d1abe207c3c0f06e9b3301f9910a6b1c07b63d73a4c70557286d0e149ccb600639363859bda
  • SSDEEP: 196608:Lz1xWKqkGTSOwUDLMpvM4KBCmbhOj+UIs1mkSxCBND3R/:LzDb9Ownp/0lTsUnwND3R/

Malware Config

Extracted

  • Family: wikiloader
  • C2:
      https://unokodkelas.cl/wp-content/themes/twentytwenty/pttfrp.php?id=1
      https://www.judicialconsulting.es/wp-content/themes/hello-elementor/t745ny.php?id=1
      https://polarishousingsystems.com/wp-content/themes/twentytwentyfour/qshgfl.php?id=1
      https://barliam.com/ph/wp-content/themes/twentytwentythree/plxka3.php?id=1

Targets

    • Target: npp.8.6.3.portable.x64/notepad.exe
    • Size: 6.9MB
    • MD5: 2cd84602fc2428e0db00dbce5e20dc80
    • SHA1: 965a62dbba7cbb95b6a7694dc33963ffb105819a
    • SHA256: 4e271372528a9b439d99a7376fc1ac9c67884226a2f7bcbe2f68694c80548287
    • SHA512: a6f715224a5e9ffb35833591bdc5cf1b76da479c2a6fd2108d921526708f918e6d5d2e9569c879d1d4c76e4606cdd271364b6f85acd8c811439bd08b61665fd2
    • SSDEEP: 98304:QtGdbdZUv5vuLYgtbUK5b8PTnwe65w/mod:Rdbvou8guK52TP6525

    • Wikiloader
      Wikiloader is a loader and backdoor written in C++.

    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies Installed Components in the registry

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks