wikiloader | 99fe6730862db95a23d5996996d99d55a809390b152bfdc15d617545016cbbe6 | Triage

Resubmissions

31/07/2024, 19:49

240731-yjqkmazfqp 10

30/04/2024, 21:42

240430-1kpe3agd3x 10

Sharing

General

Target

99fe6730862db95a23d5996996d99d55a809390b152bfdc15d617545016cbbe6.zip
Size

8.5MB
Sample

240430-1kpe3agd3x
MD5

1914923016185375510ebe77c41de172
SHA1

1526594013143e48da425decb19d7b4d00e85dc1
SHA256

99fe6730862db95a23d5996996d99d55a809390b152bfdc15d617545016cbbe6
SHA512

31232130dc9cc78e00dc38cf64c664bb2254afe75c14cb12bdc06d1abe207c3c0f06e9b3301f9910a6b1c07b63d73a4c70557286d0e149ccb600639363859bda
SSDEEP

196608:Lz1xWKqkGTSOwUDLMpvM4KBCmbhOj+UIs1mkSxCBND3R/:LzDb9Ownp/0lTsUnwND3R/

Score

10^/10

wikiloader backdoor loader persistence

Malware Config

Extracted

Family

wikiloader

C2

https://unokodkelas.cl/wp-content/themes/twentytwenty/pttfrp.php?id=1

https://www.judicialconsulting.es/wp-content/themes/hello-elementor/t745ny.php?id=1

https://polarishousingsystems.com/wp-content/themes/twentytwentyfour/qshgfl.php?id=1

https://barliam.com/ph/wp-content/themes/twentytwentythree/plxka3.php?id=1

Targets

- Target
  
  npp.8.6.3.portable.x64/notepad.exe
- Size
  
  6.9MB
- MD5
  
  2cd84602fc2428e0db00dbce5e20dc80
- SHA1
  
  965a62dbba7cbb95b6a7694dc33963ffb105819a
- SHA256
  
  4e271372528a9b439d99a7376fc1ac9c67884226a2f7bcbe2f68694c80548287
- SHA512
  
  a6f715224a5e9ffb35833591bdc5cf1b76da479c2a6fd2108d921526708f918e6d5d2e9569c879d1d4c76e4606cdd271364b6f85acd8c811439bd08b61665fd2
- SSDEEP
  
  98304:QtGdbdZUv5vuLYgtbUK5b8PTnwe65w/mod:Rdbvou8guK52TP6525
Score

10^/10

wikiloader backdoor loader persistence
- Wikiloader
  Wikiloader is a loader and backdoor written in C++.
  loader backdoor wikiloader
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Installed Components in the registry
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

wikiloaderbackdoorloaderpersistence