Overview

overview

10

Static

static

10

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...el.exe

windows7-x64

1

GlobalProt...el.exe

windows10-2004-x64

1

GlobalProt...st.dll

windows7-x64

1

GlobalProt...st.dll

windows10-2004-x64

1

GlobalProt...me.jar

windows7-x64

1

GlobalProt...me.jar

windows10-2004-x64

7

GlobalProt...af.jar

windows7-x64

1

GlobalProt...af.jar

windows10-2004-x64

7

GlobalProt...64.exe

windows7-x64

1

GlobalProt...64.exe

windows10-2004-x64

10

GlobalProt...e.html

windows7-x64

1

GlobalProt...e.html

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d94be3b5cfe327f3fcca6ab819807555.bin

  • Size

    61.1MB

  • Sample

    240622-d8wgyszfkp

  • MD5

    7fb31c998667d15c3d62838e29f4094d

  • SHA1

    532bd9ea72583666492c5ae1e08c33da2c0432d6

  • SHA256

    7909209bc914457c3d1d48f9441241b17b32c4ccba630e44c6460ad765a86308

  • SHA512

    4d64fff8e0450257e3ca85bb721f857a9864bb2c4872ec6a856a848419551c4be59149fb37dc2e96274a3d852e61952e028186bc195b3e4c3b4b00e48c1f49dd

  • SSDEEP

    1572864:O56wUZm4uonTBZXQLQBcrNBr5fdGUfij8FIngWA:iUZmdWTBZgcBwPdXB

Score
10/10
wikiloaderbackdoordiscoveryjnlploader

Malware Config

Extracted

Rule
Java Network Launch Protocol (JNLP)
C2

$$codebase/$$codebasesuit.jnlp?whitelabel=$$whitelabel

Extracted

Family

wikiloader

C2

https://carniceriamartinezadria.com/wp-content/themes/twentytwentyfour/rleoec.php?id=1

https://jlholgado.com/wp-content/themes/twentytwentyfour/zca2ck.php?id=1

https://elpgtextil.com/wp-content/themes/twentytwentyfour/44snwx.php?id=1

https://arbeitsschutz-mmk.de/plugins/search/contacts/chrndi.php?id=1

Targets

    • Target

      GlobalProtect64/.install4j/i4j_extf_6_7caten.html

    • Size

      532B

    • MD5

      461873fe67aca4fd4ab23bf0b38b6473

    • SHA1

      abbd5c231806b0cfc8d1d0c86aa3e8675692a86b

    • SHA256

      d16fec6375adf17ab7ecfc384139dbe676182fdbd53f92d84179a4d41e19affc

    • SHA512

      9d71fe4cdeb4a37754c57ed1ec3f5b2338c187216adf7e7b538573b18c579521df1918716f4fa336a835b06c1e9cb32c913de07a8d991acdbde7112ac9b255ea

    Score
    1/10
    behavioral1behavioral2

    • Target

      GlobalProtect64/.install4j/i4j_extf_7_7caten.html

    • Size

      403B

    • MD5

      b44a3b3bff9b6112fd91d0044d714766

    • SHA1

      cfe32d1a1183407caa77ab5d93f2783eb746b0d7

    • SHA256

      72f47e9a733674019af0539aba9869adbb48ee0482afbd92cba05be78173d766

    • SHA512

      db63df5bbaf485fc8ec8775fe674eebd3c98c5acedd4ddad2f8ce3244edd1bf44b174826e0cbe96b557ba480ce496ff3add5b95f3e008b053d7782b422ea45ea

    Score
    1/10
    behavioral3behavioral4

    • Target

      GlobalProtect64/.install4j/i4j_extf_8_7caten.html

    • Size

      403B

    • MD5

      a356a23fe603e2f25c01c8467ce1422e

    • SHA1

      ebc4dd99072be176a6ac5b521a6e6509cc281fa4

    • SHA256

      6ce092a75aed47fd71a6abbace57ee232f20c99daa0275f960d003010182df34

    • SHA512

      b57074ff838565de1081ba97333d11fdbb3e6a10fe53985743d12a7c2b4e5529ec4ad23dad07410322d5b650d69b202a868ea785ee54d706185923f88e8ff6f2

    Score
    1/10
    behavioral5behavioral6

    • Target

      GlobalProtect64/.install4j/i4jdel.exe

    • Size

      91KB

    • MD5

      8ea17fccb7319e49fb8f1b22b304c47d

    • SHA1

      9885a6c4f6f7c8e06770838c93a647cedb940b0f

    • SHA256

      c3d1e3ef9aeb3e05158c0a5df0b0724fd4c807a10c9910ef895a43c0fe789f91

    • SHA512

      8dcd1307479a55332861c5d816efbef5b65527baca60a1021784c189537c2a75568844b05f4a8dd16f0951374eb3d68e0a6554105fd1f25da82f52a281160eef

    • SSDEEP

      1536:Ro0iguRSshbhH7JG9cGJOkUPwoavqvzmnBBg7QMZc5lzFwgAPX:5TqrG9b45vzmBy7QMZelzugYX

    Score
    1/10
    behavioral7behavioral8

    • Target

      GlobalProtect64/.install4j/i4jinst.dll

    • Size

      209KB

    • MD5

      6613ccb93ce4eb0ab7671d1ca91b95af

    • SHA1

      dc5719a51d3a662f04f735cab6c7aa918222707b

    • SHA256

      d4eb9a4ee389f03c402e553724015af8d5b85835828bd66b1b45131b6837802f

    • SHA512

      eb78d15af9e4e05d78c3f9a97fe4e53f6448d94d8676845864d518f4cee48f1eb90399243bdb16c3f19c3571a9c0e32737d50cf2ecaa5977dc1f6d481b82b37d

    • SSDEEP

      3072:FqwQoxmmfYC5Bs52cSe1uUQQwSsa8oDPjaFrdLqw1e6lB0b3IYpE+QIjZL9gn:FqwQUmmY2Bs5irEpDPGvG8x+R99gn

    Score
    1/10
    behavioral10behavioral9

    • Target

      GlobalProtect64/.install4j/i4jruntime.jar

    • Size

      1.9MB

    • MD5

      c1b7e0b67222541df273442849cb913c

    • SHA1

      70ae5d17d48d858f27a35e7198e3ff8a517d7375

    • SHA256

      b676144fb9c9be099f82d178f578622571a365dfb257f9eeb0b25c6aa5c1b829

    • SHA512

      6e7de8ffdc735b5c823860ffaedffb2c36ee8ec5fe792040ce8cc6a58822d73b755509711af56754c823c3b1e848cda7635f151ad9da51a7d9f4ca0c82608254

    • SSDEEP

      24576:ziNHw9JMshgX2da6meOeSIQESMVcDzCPxIvxGbHTNgQq7B8k1LnvEROUN8N:ziNQQwrd3YIbpVcOvHKd8k1LvEg

    Score
    7/10
    discovery
    behavioral11behavioral12

    • Target

      GlobalProtect64/.install4j/user/flatlaf.jar

    • Size

      567KB

    • MD5

      de36b2deec6741f742cfc65e7b4942c9

    • SHA1

      b340f36ab424075477f28076053383f5496b5f0f

    • SHA256

      0dec40ef8e67d1fe6140832808be2cf85bb5110b78266a6117b0be068bb343d4

    • SHA512

      91c82273f0998ab1b16403089807704e392ba8002cabfcb53f5c4958c2aeca3d1caf2911aeaadc486a124b133ebd14104f9ff695c766ab3d625e5d0bb49cc24f

    • SSDEEP

      12288:0j1dtDcKKsj/WgXc8dXX+PHjBbhPX+yj0xcNheuE+zl/:0j1ncKKsVrXUvOyj0SNhWSl/

    Score
    7/10
    discovery
    behavioral13behavioral14

    • Target

      GlobalProtect64/GlobalProtect64.exe

    • Size

      359KB

    • MD5

      0ff2ca0c7b5c6e167d52cba95f00eec9

    • SHA1

      bfaa5eea2b921b7a0b801bda00f69196c213b880

    • SHA256

      bd8016b895b404f43e1d6614b564927385d74534cef319c0ea5236dd9ed00b2f

    • SHA512

      1630b14ba53d96369002d78e9f390119781203049a19d7d3e8002bb0103c1b91c746b73b80f9d7ffd1ec7c6caf66eb8f5c2df2d2d801c953941db3be0330273e

    • SSDEEP

      6144:J12UdfHkDSdefEvAxa1snobprfkj3d5Qz1zAyN0Pf2+kqE:T24V4Va2noNE3UzfQkqE

    Score
    10/10
    wikiloaderbackdoorloader

    • Wikiloader

      Wikiloader is a loader and backdoor written in C++.

      loaderbackdoorwikiloader

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral15behavioral16

    • Target

      GlobalProtect64/jre/Welcome.html

    • Size

      1KB

    • MD5

      a0154e8b351df4372081d55752da1c61

    • SHA1

      1c3dc9c2e45a2ff9c0c66db0f0212fae0cd8b0ab

    • SHA256

      285517a831a095139ab3bb5b323c9f7cd989d7edb71e73c2b359fd01fee7f077

    • SHA512

      f1608cd05039ba8264da965eff1ccfd77523f253acb25a529f110ba4d788bc64793f75a672cf11c5eb2e0ab23d95a7f91abcdeb1f5b5f709142b4e9d13b84178

    Score
    1/10
    behavioral17behavioral18

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-console-l1-1-0.dll

    • Size

      18KB

    • MD5

      cde2424d99db56dd0d1eaf34811738c1

    • SHA1

      cc7889c43729b93a4e193b2fd6ae5f22b6ad6b8f

    • SHA256

      4ceaf28cadfd0929b44e9c686b93432a7151504c8ffe2a6afe516f9b16538131

    • SHA512

      d5b8ef2de3fefde29b2c9cccb330c3076ba71d6ae29e1b34617057d8a832d37eae8e2f238e2abb6eb226453c00a835c669a7c03a00cd1698d02272d8eb6998e2

    • SSDEEP

      192:MgWuufhW3a4V10b8uDBks/nGfe4pBjS7EQ8WebtuVaVWQ4eWbKqnajy3Snk0lpn:1W5hWq+10vq0GftpBj5fZblGinjXn

    Score
    1/10
    behavioral19

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-datetime-l1-1-0.dll

    • Size

      17KB

    • MD5

      acf4321ac8c8ff4d0442c799d621f8d9

    • SHA1

      b12f87e6afc48697f1ce8b587715361e89b79cae

    • SHA256

      69b84f7318798a91143e3d273ae9c0bedaabba930e3702447d493e2b8dd70725

    • SHA512

      7878a7cd62f9d259a6bab05e13e9ac5b16437c0d8bda46e864f205465ae19531e5655d7547ae1594a53a05ddeb8b0c6058a73caeb21cd7c81fe5a424303d3bde

    • SSDEEP

      192:hEWuufhWr2ivT16uDBks/nGfe4pBjSbGPKA8WebtuVaVWQ4mWOC9qnajjpxf9c98:aW5hWPvT1Nq0GftpBjjeZRC9lBLcT+

    Score
    1/10
    behavioral20

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-debug-l1-1-0.dll

    • Size

      17KB

    • MD5

      3c47c25b8141d20b2b4d576000000a61

    • SHA1

      04543f9cdd847ff66389c9fd1e12b444dae6383a

    • SHA256

      290030199e8b47d6bcf466f9fc81fee7e6aebc2c16a3f26dd77019f795658956

    • SHA512

      c599ef06045583b28faac051909c28f5f2fa56c34d47f3bd49efc101a1cdcb571a298eb100d0b381e3ebb1ba19b2fb4dd5127f259eb8ab183753722ecbe0f10a

    • SSDEEP

      384:M7eW5hWlo+10vq0GftpBj2uZwDkIldBQ7QMI:YkeinqDFQnI

    Score
    1/10
    behavioral21

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-errorhandling-l1-1-0.dll

    • Size

      18KB

    • MD5

      e05ce0232e64328c62c9da37698566bf

    • SHA1

      50c25e6ecec2cd17ecf3117bb9a646ba107d2b84

    • SHA256

      573aed3f3eb436f9b7c24d51be3be2105deb8149ebda9b964660930c957b2410

    • SHA512

      8093bd5d1ad96d759a5d9183fca27d7cb756e0884776673f132d20119e602ea33f8121893b9b90965b0eb5710e244faf4e2ad738479998fc2c5dc37f83fe18cb

    • SSDEEP

      192:MmxD3KXWuufhW+sivT16uDBks/nGfe4pBjSfhXa8WebtuVaVWQ42WyMsVqnaj87p:MVXW5hWyvT1Nq0GftpBjSZgkldri

    Score
    1/10
    behavioral22

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-file-l1-1-0.dll

    • Size

      21KB

    • MD5

      a26c7ffcf18b62904dab7786de638ea6

    • SHA1

      b28489bc38ee2f522ee83dcf49faeb96f39a77e3

    • SHA256

      74075b7af84378cee0d035c020b320ee52a120b21f71a4972093c9e23d534830

    • SHA512

      768c8d7818acacf83d8bd020ab239408673f6cf9e0e8f1be1dab2dd58c5df4e45b970baf7d8d09887280be0788790eacd6126274deaca6b1c4b7bad3e335b34f

    • SSDEEP

      192:sohaYPvVX8rFTscWuufhWrlFO0ruDBks/nGfe4pBjSb68WebtuVaVWQ4mWst1qnq:JTPvVXiW5hWB80aq0GftpBjQZplBLcQ

    Score
    1/10
    behavioral23

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-file-l1-2-0.dll

    • Size

      18KB

    • MD5

      6a55a7e284b51b086b63cc6f2061ce8b

    • SHA1

      46a48a1ccf5262038b71ed4be09cf625009d078d

    • SHA256

      d9973270a952b4ce615104520051e847b26e4b1cc330a5a95ba1ae128f0dfdeb

    • SHA512

      6a6ba643bf15581cd579e383bac351ccae714d50453cff52cac7dcf5bd472a170e7d33b0509c7bd50c5e76e8a0304fa88dcad63a9e2cd0694a5c56f4a21ae363

    • SSDEEP

      192:ByWuufhWrRivT16uDBks/nGfe4pBjSb9bXe8WebtuVaVWQ4mWWrRHqnajjpxf9cS:ByW5hW0vT1Nq0GftpBjSbRZnlHlBLcYl

    Score
    1/10
    behavioral24

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-file-l2-1-0.dll

    • Size

      18KB

    • MD5

      6e38a6bed88e1c27155e4dc428188ef0

    • SHA1

      8b47a1960ed157f7beeb80fa4a16a723279c4efa

    • SHA256

      144d3a28e43e47fc1cce956255cc80467d4a6fbbb8f612ec6d85f62de030a924

    • SHA512

      3b801875bc5a483eea6d6cc43015e759ee1f66c12585f698cb92368455f25b5309617c8beae39945cadb57009a9c9a9ce21c18dec28e86097c67d8fc5f9febab

    • SSDEEP

      192:HX6WuufhWr7FO0ruDBks/nGfe4pBjSbnUqs28WebtuVaVWQ4mWOYVqnaj87X/fA2:HX6W5hWX80aq0GftpBj2spZkldrps

    Score
    1/10
    behavioral25

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-handle-l1-1-0.dll

    • Size

      18KB

    • MD5

      9304209688e2a18d0b26997bc78fda7a

    • SHA1

      5d4332cf1c5123418c6419d0291486c3939e8785

    • SHA256

      d6bc1509fd2d4ea07e661f2f59395b4d71907d16f59942443a5d460df343dbf4

    • SHA512

      5952e192b6150055bc88e672fb0254bc962abd27afb5c30cd0f52ede98ad84eba9966d721b3b6602116ff40ad5c489a24eac35dde77397db88aa46ad2bd18960

    • SSDEEP

      192:KKWuufhWr2ivT16uDBks/nGfe4pBjSbYA/8WebtuVaVWQ4mW7TqnajPf33PLlYoM:9W5hWHvT1Nq0GftpBj4UZAljZYsqTr

    Score
    1/10
    behavioral26

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-heap-l1-1-0.dll

    • Size

      18KB

    • MD5

      f42a84d78a5a15ff1a4dbac591e95783

    • SHA1

      1cd5b5e68fd729bdd340463b53728634d342b0cd

    • SHA256

      f60267cab87dfc1accf912c212186112aba38742f621549d6bc8d67e217e7234

    • SHA512

      89ba6571df642dbac769c72914b30f2d27107f023a9e1cbb0c6f5412b6a69d414cd99f29de07d06592c7ab9cdfc558f3b65b7050921bd442c01417bac0a850f0

    • SSDEEP

      192:3liWuufhW3XUxQmLuDBks/nGfe4pBjS7LX28We8WebtuVaVWQ4eWmQQPqnajy3Ss:3liW5hWOQ7q0GftpBjkEZfQQPlGinjqZ

    Score
    1/10
    behavioral27

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-interlocked-l1-1-0.dll

    • Size

      18KB

    • MD5

      9f286e57e5b1c1a347adf9eef059ad5d

    • SHA1

      631aa1aa364234acc5ad20b27f926e9cb9ee4276

    • SHA256

      f93ddef4ac14ef778790f3f00057ab6cafc0c99dff52cc24f523d63917719970

    • SHA512

      6df20707ccda0cf9916b7c00b11a4a82b47a0f6e87c6eba0f38e440e143b4aa6e5b48f67d09a9eeef75da2aadfbb5abc7e62362f50d674bb8a532e290699a197

    • SSDEEP

      192:KWuufhWr3ivT16uDBks/nGfe4pBjSbKUs8WebtuVaVWQ4mWMoTqnajPf33PLlYoS:KW5hWmvT1Nq0GftpBjGzZv4ljZYsqHh

    Score
    1/10
    behavioral28

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-libraryloader-l1-1-0.dll

    • Size

      18KB

    • MD5

      beaae8294db31afa04fa60795c6e02ae

    • SHA1

      8a32ebd843e461864747fe0aebf4bbf83c4ec093

    • SHA256

      f8e8d85035bcb478ce2ab47a6476a8c756a7c8fa05bad66b9a03ece6a2ced141

    • SHA512

      dd1a75943401ae5d20c9ee023ba77000db9433a643ec2f102cd3a72faf274deb3611954557c81120d81ff447f86b7309cec1c9005ab37ed7bb48d6e6c239b135

    • SSDEEP

      384:rvuBL3BEW5hWh3rq0GftpBjzkZalBLc2V:aBL3Brii2sV

    Score
    1/10
    behavioral29

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-localization-l1-2-0.dll

    • Size

      20KB

    • MD5

      2ac1289e4dbab076b332869bef26d3ce

    • SHA1

      60570ddd06b671e26c6a814b9c08cdfa0ef38aba

    • SHA256

      6475f20f46814d28845c2fa73e9c283a8504483fa16d911325588c778cf76c26

    • SHA512

      e226fb4739d66e2c4624a9e01ec00dbe3b37dc96995eec35660208d76a9e6758a2a29be1b7986d14074df23ea0fc39d2ce121b7bd32c553371c1b15ff3e2ef7a

    • SSDEEP

      384:ptAuOMw3zdp3bwjGjue9/0jCRrndbAW5hWA80aq0GftpBjV+ZZrmlGinjQKKX:DAuOMwBprwjGjue9/0jCRrndbX4i3qdT

    Score
    1/10
    behavioral30

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-memory-l1-1-0.dll

    • Size

      18KB

    • MD5

      a2661a468bb87ee9cc5dee968fd3805c

    • SHA1

      9b17fbd552e34888f1453f9113ff4c42efaf6d6a

    • SHA256

      dc41da54e717aef60228ee11d10669c31d3ddd532eee9ecad944c09b71b762dd

    • SHA512

      b5c01cb3c991fcf8945c764b853f8a32fce324f01562107e086dd998a1b31f9285a0d645c96052b94c955f3626691c3ca2cc9e04d8594a0a7c042530549f1aa3

    • SSDEEP

      192:zQWuufhWrixf/0uDBks/nGfe4pBjSbl7Y88WebtuVaVWQ4mWyymqnajiG7AzTvfJ:zQW5hWS3rq0GftpBj9jZlymlO62vfGkb

    Score
    1/10
    behavioral31

    • Target

      GlobalProtect64/jre/bin/api-ms-win-core-namedpipe-l1-1-0.dll

    • Size

      18KB

    • MD5

      acbfc011d5842ba60c372ba3d222ab70

    • SHA1

      16b8014060a04bb03215f6ce4c118bae48653bd5

    • SHA256

      b0ae48eb5ff51fa038e1ed23c7c48d266c20c2af3f9907ee6906bb0346df7f9e

    • SHA512

      dce34d64e6674b67c7c6e7c34886c1ede2967e6af7cfe2addfe51fcf70780a33d7308e7ce81a80149034b8f910c045b3ea81f458d9227448fc4b339dc05a59d3

    • SSDEEP

      192:1cIWuufhW3bFO0ruDBks/nGfe4pBjS7irpMk8WebtuVaVWQ4eW5eqnajy3Snk0b7:CIW5hWL80aq0GftpBjNUZkelGinjn

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

jnlp
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

discovery
Score
7/10

behavioral13

Score
1/10

behavioral14

discovery
Score
7/10

behavioral15

Score
1/10

behavioral16

wikiloaderbackdoorloader
Score
10/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.