wikiloader

Resubmissions

26-07-2024 09:06

240726-k2ts4ssbnb 10

20-06-2024 20:05

240620-yts4havhph 10

Sharing

Copy URL

Twitter E-mail

General

Target

GlobalProtect64.zip
Size

61.4MB
Sample

240620-yts4havhph
MD5

d94be3b5cfe327f3fcca6ab819807555
SHA1

94a0a69a771e1a869c76ce556a1d10068a916d59
SHA256

67edf175321f92df454c58fc64babaf1905a2843b0fe7105a3d5c6146c0e9898
SHA512

66d343c9b1dfeabf995927f83bdb44afc0ca573b7cdd3d2d289d69b46fbaafb7a7fdd147b144324f0aebc3fb32fdc6c23198b262d0956c673ab6ee19c728d887
SSDEEP

1572864:gPVCf6uuQ9TRMlomJuhtkv/Tjyu9DyAH2DGpfx0:CVCf5uQdulomo8v/fn92/DMfG

Score

10^/10

Malware Config

Extracted

Rule

Java Network Launch Protocol (JNLP)

$$codebase/$$codebasesuit.jnlp?whitelabel=$$whitelabel

Extracted

Family

wikiloader

https://carniceriamartinezadria.com/wp-content/themes/twentytwentyfour/rleoec.php?id=1

https://jlholgado.com/wp-content/themes/twentytwentyfour/zca2ck.php?id=1

https://elpgtextil.com/wp-content/themes/twentytwentyfour/44snwx.php?id=1

https://arbeitsschutz-mmk.de/plugins/search/contacts/chrndi.php?id=1

Targets

- Target
  
  GlobalProtect64/.install4j/i4j_extf_6_7caten.html
- Size
  
  532B
- MD5
  
  461873fe67aca4fd4ab23bf0b38b6473
- SHA1
  
  abbd5c231806b0cfc8d1d0c86aa3e8675692a86b
- SHA256
  
  d16fec6375adf17ab7ecfc384139dbe676182fdbd53f92d84179a4d41e19affc
- SHA512
  
  9d71fe4cdeb4a37754c57ed1ec3f5b2338c187216adf7e7b538573b18c579521df1918716f4fa336a835b06c1e9cb32c913de07a8d991acdbde7112ac9b255ea
Score

1^/10
behavioral1 behavioral2
- Target
  
  GlobalProtect64/.install4j/i4j_extf_7_7caten.html
- Size
  
  403B
- MD5
  
  b44a3b3bff9b6112fd91d0044d714766
- SHA1
  
  cfe32d1a1183407caa77ab5d93f2783eb746b0d7
- SHA256
  
  72f47e9a733674019af0539aba9869adbb48ee0482afbd92cba05be78173d766
- SHA512
  
  db63df5bbaf485fc8ec8775fe674eebd3c98c5acedd4ddad2f8ce3244edd1bf44b174826e0cbe96b557ba480ce496ff3add5b95f3e008b053d7782b422ea45ea
Score

1^/10
behavioral3 behavioral4
- Target
  
  GlobalProtect64/.install4j/i4j_extf_8_7caten.html
- Size
  
  403B
- MD5
  
  a356a23fe603e2f25c01c8467ce1422e
- SHA1
  
  ebc4dd99072be176a6ac5b521a6e6509cc281fa4
- SHA256
  
  6ce092a75aed47fd71a6abbace57ee232f20c99daa0275f960d003010182df34
- SHA512
  
  b57074ff838565de1081ba97333d11fdbb3e6a10fe53985743d12a7c2b4e5529ec4ad23dad07410322d5b650d69b202a868ea785ee54d706185923f88e8ff6f2
Score

1^/10
behavioral5 behavioral6
- Target
  
  GlobalProtect64/.install4j/i4jdel.exe
- Size
  
  91KB
- MD5
  
  8ea17fccb7319e49fb8f1b22b304c47d
- SHA1
  
  9885a6c4f6f7c8e06770838c93a647cedb940b0f
- SHA256
  
  c3d1e3ef9aeb3e05158c0a5df0b0724fd4c807a10c9910ef895a43c0fe789f91
- SHA512
  
  8dcd1307479a55332861c5d816efbef5b65527baca60a1021784c189537c2a75568844b05f4a8dd16f0951374eb3d68e0a6554105fd1f25da82f52a281160eef
- SSDEEP
  
  1536:Ro0iguRSshbhH7JG9cGJOkUPwoavqvzmnBBg7QMZc5lzFwgAPX:5TqrG9b45vzmBy7QMZelzugYX
Score

1^/10
behavioral7 behavioral8
- Target
  
  GlobalProtect64/.install4j/i4jinst.dll
- Size
  
  209KB
- MD5
  
  6613ccb93ce4eb0ab7671d1ca91b95af
- SHA1
  
  dc5719a51d3a662f04f735cab6c7aa918222707b
- SHA256
  
  d4eb9a4ee389f03c402e553724015af8d5b85835828bd66b1b45131b6837802f
- SHA512
  
  eb78d15af9e4e05d78c3f9a97fe4e53f6448d94d8676845864d518f4cee48f1eb90399243bdb16c3f19c3571a9c0e32737d50cf2ecaa5977dc1f6d481b82b37d
- SSDEEP
  
  3072:FqwQoxmmfYC5Bs52cSe1uUQQwSsa8oDPjaFrdLqw1e6lB0b3IYpE+QIjZL9gn:FqwQUmmY2Bs5irEpDPGvG8x+R99gn
Score

1^/10
behavioral10 behavioral9
- Target
  
  GlobalProtect64/.install4j/i4jruntime.jar
- Size
  
  1.9MB
- MD5
  
  c1b7e0b67222541df273442849cb913c
- SHA1
  
  70ae5d17d48d858f27a35e7198e3ff8a517d7375
- SHA256
  
  b676144fb9c9be099f82d178f578622571a365dfb257f9eeb0b25c6aa5c1b829
- SHA512
  
  6e7de8ffdc735b5c823860ffaedffb2c36ee8ec5fe792040ce8cc6a58822d73b755509711af56754c823c3b1e848cda7635f151ad9da51a7d9f4ca0c82608254
- SSDEEP
  
  24576:ziNHw9JMshgX2da6meOeSIQESMVcDzCPxIvxGbHTNgQq7B8k1LnvEROUN8N:ziNQQwrd3YIbpVcOvHKd8k1LvEg
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral11 behavioral12
- Target
  
  GlobalProtect64/.install4j/user/flatlaf.jar
- Size
  
  567KB
- MD5
  
  de36b2deec6741f742cfc65e7b4942c9
- SHA1
  
  b340f36ab424075477f28076053383f5496b5f0f
- SHA256
  
  0dec40ef8e67d1fe6140832808be2cf85bb5110b78266a6117b0be068bb343d4
- SHA512
  
  91c82273f0998ab1b16403089807704e392ba8002cabfcb53f5c4958c2aeca3d1caf2911aeaadc486a124b133ebd14104f9ff695c766ab3d625e5d0bb49cc24f
- SSDEEP
  
  12288:0j1dtDcKKsj/WgXc8dXX+PHjBbhPX+yj0xcNheuE+zl/:0j1ncKKsVrXUvOyj0SNhWSl/
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral13 behavioral14
- Target
  
  GlobalProtect64/GlobalProtect64.exe
- Size
  
  359KB
- MD5
  
  0ff2ca0c7b5c6e167d52cba95f00eec9
- SHA1
  
  bfaa5eea2b921b7a0b801bda00f69196c213b880
- SHA256
  
  bd8016b895b404f43e1d6614b564927385d74534cef319c0ea5236dd9ed00b2f
- SHA512
  
  1630b14ba53d96369002d78e9f390119781203049a19d7d3e8002bb0103c1b91c746b73b80f9d7ffd1ec7c6caf66eb8f5c2df2d2d801c953941db3be0330273e
- SSDEEP
  
  6144:J12UdfHkDSdefEvAxa1snobprfkj3d5Qz1zAyN0Pf2+kqE:T24V4Va2noNE3UzfQkqE
Score

10^/10

wikiloader backdoor loader
- Wikiloader
  Wikiloader is a loader and backdoor written in C++.
  loader backdoor wikiloader
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral15 behavioral16
- Target
  
  GlobalProtect64/jre/Welcome.html
- Size
  
  1KB
- MD5
  
  a0154e8b351df4372081d55752da1c61
- SHA1
  
  1c3dc9c2e45a2ff9c0c66db0f0212fae0cd8b0ab
- SHA256
  
  285517a831a095139ab3bb5b323c9f7cd989d7edb71e73c2b359fd01fee7f077
- SHA512
  
  f1608cd05039ba8264da965eff1ccfd77523f253acb25a529f110ba4d788bc64793f75a672cf11c5eb2e0ab23d95a7f91abcdeb1f5b5f709142b4e9d13b84178
Score

1^/10
behavioral17 behavioral18
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-console-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  cde2424d99db56dd0d1eaf34811738c1
- SHA1
  
  cc7889c43729b93a4e193b2fd6ae5f22b6ad6b8f
- SHA256
  
  4ceaf28cadfd0929b44e9c686b93432a7151504c8ffe2a6afe516f9b16538131
- SHA512
  
  d5b8ef2de3fefde29b2c9cccb330c3076ba71d6ae29e1b34617057d8a832d37eae8e2f238e2abb6eb226453c00a835c669a7c03a00cd1698d02272d8eb6998e2
- SSDEEP
  
  192:MgWuufhW3a4V10b8uDBks/nGfe4pBjS7EQ8WebtuVaVWQ4eWbKqnajy3Snk0lpn:1W5hWq+10vq0GftpBj5fZblGinjXn
Score

1^/10
behavioral19
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-datetime-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  acf4321ac8c8ff4d0442c799d621f8d9
- SHA1
  
  b12f87e6afc48697f1ce8b587715361e89b79cae
- SHA256
  
  69b84f7318798a91143e3d273ae9c0bedaabba930e3702447d493e2b8dd70725
- SHA512
  
  7878a7cd62f9d259a6bab05e13e9ac5b16437c0d8bda46e864f205465ae19531e5655d7547ae1594a53a05ddeb8b0c6058a73caeb21cd7c81fe5a424303d3bde
- SSDEEP
  
  192:hEWuufhWr2ivT16uDBks/nGfe4pBjSbGPKA8WebtuVaVWQ4mWOC9qnajjpxf9c98:aW5hWPvT1Nq0GftpBjjeZRC9lBLcT+
Score

1^/10
behavioral20
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-debug-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  3c47c25b8141d20b2b4d576000000a61
- SHA1
  
  04543f9cdd847ff66389c9fd1e12b444dae6383a
- SHA256
  
  290030199e8b47d6bcf466f9fc81fee7e6aebc2c16a3f26dd77019f795658956
- SHA512
  
  c599ef06045583b28faac051909c28f5f2fa56c34d47f3bd49efc101a1cdcb571a298eb100d0b381e3ebb1ba19b2fb4dd5127f259eb8ab183753722ecbe0f10a
- SSDEEP
  
  384:M7eW5hWlo+10vq0GftpBj2uZwDkIldBQ7QMI:YkeinqDFQnI
Score

1^/10
behavioral21
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-errorhandling-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  e05ce0232e64328c62c9da37698566bf
- SHA1
  
  50c25e6ecec2cd17ecf3117bb9a646ba107d2b84
- SHA256
  
  573aed3f3eb436f9b7c24d51be3be2105deb8149ebda9b964660930c957b2410
- SHA512
  
  8093bd5d1ad96d759a5d9183fca27d7cb756e0884776673f132d20119e602ea33f8121893b9b90965b0eb5710e244faf4e2ad738479998fc2c5dc37f83fe18cb
- SSDEEP
  
  192:MmxD3KXWuufhW+sivT16uDBks/nGfe4pBjSfhXa8WebtuVaVWQ42WyMsVqnaj87p:MVXW5hWyvT1Nq0GftpBjSZgkldri
Score

1^/10
behavioral22
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-file-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  a26c7ffcf18b62904dab7786de638ea6
- SHA1
  
  b28489bc38ee2f522ee83dcf49faeb96f39a77e3
- SHA256
  
  74075b7af84378cee0d035c020b320ee52a120b21f71a4972093c9e23d534830
- SHA512
  
  768c8d7818acacf83d8bd020ab239408673f6cf9e0e8f1be1dab2dd58c5df4e45b970baf7d8d09887280be0788790eacd6126274deaca6b1c4b7bad3e335b34f
- SSDEEP
  
  192:sohaYPvVX8rFTscWuufhWrlFO0ruDBks/nGfe4pBjSb68WebtuVaVWQ4mWst1qnq:JTPvVXiW5hWB80aq0GftpBjQZplBLcQ
Score

1^/10
behavioral23
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-file-l1-2-0.dll
- Size
  
  18KB
- MD5
  
  6a55a7e284b51b086b63cc6f2061ce8b
- SHA1
  
  46a48a1ccf5262038b71ed4be09cf625009d078d
- SHA256
  
  d9973270a952b4ce615104520051e847b26e4b1cc330a5a95ba1ae128f0dfdeb
- SHA512
  
  6a6ba643bf15581cd579e383bac351ccae714d50453cff52cac7dcf5bd472a170e7d33b0509c7bd50c5e76e8a0304fa88dcad63a9e2cd0694a5c56f4a21ae363
- SSDEEP
  
  192:ByWuufhWrRivT16uDBks/nGfe4pBjSb9bXe8WebtuVaVWQ4mWWrRHqnajjpxf9cS:ByW5hW0vT1Nq0GftpBjSbRZnlHlBLcYl
Score

1^/10
behavioral24
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-file-l2-1-0.dll
- Size
  
  18KB
- MD5
  
  6e38a6bed88e1c27155e4dc428188ef0
- SHA1
  
  8b47a1960ed157f7beeb80fa4a16a723279c4efa
- SHA256
  
  144d3a28e43e47fc1cce956255cc80467d4a6fbbb8f612ec6d85f62de030a924
- SHA512
  
  3b801875bc5a483eea6d6cc43015e759ee1f66c12585f698cb92368455f25b5309617c8beae39945cadb57009a9c9a9ce21c18dec28e86097c67d8fc5f9febab
- SSDEEP
  
  192:HX6WuufhWr7FO0ruDBks/nGfe4pBjSbnUqs28WebtuVaVWQ4mWOYVqnaj87X/fA2:HX6W5hWX80aq0GftpBj2spZkldrps
Score

1^/10
behavioral25
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-handle-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  9304209688e2a18d0b26997bc78fda7a
- SHA1
  
  5d4332cf1c5123418c6419d0291486c3939e8785
- SHA256
  
  d6bc1509fd2d4ea07e661f2f59395b4d71907d16f59942443a5d460df343dbf4
- SHA512
  
  5952e192b6150055bc88e672fb0254bc962abd27afb5c30cd0f52ede98ad84eba9966d721b3b6602116ff40ad5c489a24eac35dde77397db88aa46ad2bd18960
- SSDEEP
  
  192:KKWuufhWr2ivT16uDBks/nGfe4pBjSbYA/8WebtuVaVWQ4mW7TqnajPf33PLlYoM:9W5hWHvT1Nq0GftpBj4UZAljZYsqTr
Score

1^/10
behavioral26
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-heap-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  f42a84d78a5a15ff1a4dbac591e95783
- SHA1
  
  1cd5b5e68fd729bdd340463b53728634d342b0cd
- SHA256
  
  f60267cab87dfc1accf912c212186112aba38742f621549d6bc8d67e217e7234
- SHA512
  
  89ba6571df642dbac769c72914b30f2d27107f023a9e1cbb0c6f5412b6a69d414cd99f29de07d06592c7ab9cdfc558f3b65b7050921bd442c01417bac0a850f0
- SSDEEP
  
  192:3liWuufhW3XUxQmLuDBks/nGfe4pBjS7LX28We8WebtuVaVWQ4eWmQQPqnajy3Ss:3liW5hWOQ7q0GftpBjkEZfQQPlGinjqZ
Score

1^/10
behavioral27
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-interlocked-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  9f286e57e5b1c1a347adf9eef059ad5d
- SHA1
  
  631aa1aa364234acc5ad20b27f926e9cb9ee4276
- SHA256
  
  f93ddef4ac14ef778790f3f00057ab6cafc0c99dff52cc24f523d63917719970
- SHA512
  
  6df20707ccda0cf9916b7c00b11a4a82b47a0f6e87c6eba0f38e440e143b4aa6e5b48f67d09a9eeef75da2aadfbb5abc7e62362f50d674bb8a532e290699a197
- SSDEEP
  
  192:KWuufhWr3ivT16uDBks/nGfe4pBjSbKUs8WebtuVaVWQ4mWMoTqnajPf33PLlYoS:KW5hWmvT1Nq0GftpBjGzZv4ljZYsqHh
Score

1^/10
behavioral28
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-libraryloader-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  beaae8294db31afa04fa60795c6e02ae
- SHA1
  
  8a32ebd843e461864747fe0aebf4bbf83c4ec093
- SHA256
  
  f8e8d85035bcb478ce2ab47a6476a8c756a7c8fa05bad66b9a03ece6a2ced141
- SHA512
  
  dd1a75943401ae5d20c9ee023ba77000db9433a643ec2f102cd3a72faf274deb3611954557c81120d81ff447f86b7309cec1c9005ab37ed7bb48d6e6c239b135
- SSDEEP
  
  384:rvuBL3BEW5hWh3rq0GftpBjzkZalBLc2V:aBL3Brii2sV
Score

1^/10
behavioral29
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-localization-l1-2-0.dll
- Size
  
  20KB
- MD5
  
  2ac1289e4dbab076b332869bef26d3ce
- SHA1
  
  60570ddd06b671e26c6a814b9c08cdfa0ef38aba
- SHA256
  
  6475f20f46814d28845c2fa73e9c283a8504483fa16d911325588c778cf76c26
- SHA512
  
  e226fb4739d66e2c4624a9e01ec00dbe3b37dc96995eec35660208d76a9e6758a2a29be1b7986d14074df23ea0fc39d2ce121b7bd32c553371c1b15ff3e2ef7a
- SSDEEP
  
  384:ptAuOMw3zdp3bwjGjue9/0jCRrndbAW5hWA80aq0GftpBjV+ZZrmlGinjQKKX:DAuOMwBprwjGjue9/0jCRrndbX4i3qdT
Score

1^/10
behavioral30
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-memory-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  a2661a468bb87ee9cc5dee968fd3805c
- SHA1
  
  9b17fbd552e34888f1453f9113ff4c42efaf6d6a
- SHA256
  
  dc41da54e717aef60228ee11d10669c31d3ddd532eee9ecad944c09b71b762dd
- SHA512
  
  b5c01cb3c991fcf8945c764b853f8a32fce324f01562107e086dd998a1b31f9285a0d645c96052b94c955f3626691c3ca2cc9e04d8594a0a7c042530549f1aa3
- SSDEEP
  
  192:zQWuufhWrixf/0uDBks/nGfe4pBjSbl7Y88WebtuVaVWQ4mWyymqnajiG7AzTvfJ:zQW5hWS3rq0GftpBj9jZlymlO62vfGkb
Score

1^/10
behavioral31
- Target
  
  GlobalProtect64/jre/bin/api-ms-win-core-namedpipe-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  acbfc011d5842ba60c372ba3d222ab70
- SHA1
  
  16b8014060a04bb03215f6ce4c118bae48653bd5
- SHA256
  
  b0ae48eb5ff51fa038e1ed23c7c48d266c20c2af3f9907ee6906bb0346df7f9e
- SHA512
  
  dce34d64e6674b67c7c6e7c34886c1ede2967e6af7cfe2addfe51fcf70780a33d7308e7ce81a80149034b8f910c045b3ea81f458d9227448fc4b339dc05a59d3
- SSDEEP
  
  192:1cIWuufhW3bFO0ruDBks/nGfe4pBjS7irpMk8WebtuVaVWQ4eW5eqnajy3Snk0b7:CIW5hWL80aq0GftpBjNUZkelGinjn
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Modifies file permissions

Modifies file permissions

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32