wikiloader

Sharing

Copy URL

Twitter E-mail

General

Target

1f2f0fcf6f0870dd3ad85410d6a94a840c9ab5d89a003288ec5c77aae0a0d5f4_JC.zip
Size

20.4MB
Sample

240929-qgpasaygmd
MD5

b38aa707b7cf88371d62dbf19d6a8e40
SHA1

645ae77daa9d48e0461fd7e383932f406497ff87
SHA256

1f2f0fcf6f0870dd3ad85410d6a94a840c9ab5d89a003288ec5c77aae0a0d5f4
SHA512

df06efb5a69d202bd091fd88d9810f5d66dcedb2fff32e91d4c6e4f8235c50ffc2dfe2e991126b5818eba5a611644701584b1c539dcaa96918e1061051b62052
SSDEEP

393216:x+7OGyDXm7tIfRjSPrPidB4Ah5kGi4ZvOwaCs49PwUUo3GGVrAq9WlWA:x+7OGyLKkRjSPrPigI5di2vON2uUtLre

Score

10^/10

Malware Config

Extracted

Family

wikiloader

https://rootedinchange.org/wp-content/themes/shop-isle/inc/structure/uihdud12j991.php?id=1

https://stills.sale/wp-admin/css/iudvg12hd21i89.php?id=1

https://thelevelexpert.com/wp-admin/css/duuu187y289d2.php?id=1

https://valburtonphoto.com/wp-admin/js/81uduhwudj192dkps.php?id=1

Targets

- Target
  
  CCleaner1/CCUpdate.exe
- Size
  
  697KB
- MD5
  
  0f0b90a01f049665ca511335f9f0bf2e
- SHA1
  
  baf4016e50050b24925437864bfb3c19d0baa901
- SHA256
  
  4ad9635351c8e8579c4d4c2bdd679ea7b135ec329adc6fd5d8211255e2e666be
- SHA512
  
  44da936d020e857bf3bfa2bcc7a91182da9c1f320fe041bb2836d4e8ae99d4b939ea27842b49b9a2cd24e09c7698579617584d431a2b2f7eafdafa1fb9a59c50
- SSDEEP
  
  12288:VBkGdCMw6KJx17OeNg086YN/ggggMDMCy/VmuqLZeviFGQ2mfzAuEUVoFY:VBkeFw62+ggggMvGmev/6ZEUVoFY
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  CCleaner1/CCleaner.exe
- Size
  
  2.6MB
- MD5
  
  15a712903d393839edde2bd426c16172
- SHA1
  
  4ca63e42c1cdce905ddbe55ac8e0f06d64256eae
- SHA256
  
  46615ee15d060fbd0c1874a3a0179dcb5668cdc6d59b489a15d564e358e2c698
- SHA512
  
  4b90269c7da4f599e842069492b7b7088d27fa48d52b1cfaf266599744053388121b233c48b02fc47f5c7c8aa4d651e82184e95c253d44a2f1f09c6e8c6089a8
- SSDEEP
  
  49152:iDjA6pGHZAMdkDi4pWzUro5tKqE9JKXLSdCFy8kwLsY1RIfH2cunBoc5YLN:Sd+sYWWcuBoc5m
Score

10^/10

wikiloader backdoor loader
- Wikiloader
  Wikiloader is a loader and backdoor written in C++.
  loader backdoor wikiloader
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  CCleaner1/CCleanerBugReport.exe
- Size
  
  4.5MB
- MD5
  
  0118110c3f15faa3f1cbd0102b3543ba
- SHA1
  
  7aebef19540a30e2ce073b52f37e159f6e30c2c2
- SHA256
  
  279075649b076c5d2c9a9bedc7b3356c86b010865465bd5c044f440fac202fe9
- SHA512
  
  ede00389817151a676ff6f541c9d285500c7dd086ff5c93fce0c6b1420f579666417fe8cfaf5230dc3a2d0e8a3fd2ccf18f00cb1ba5b41901ff398c1e0cb0691
- SSDEEP
  
  49152:kML9H/ldUeV4fvcom6/7zkUIZdnP+WbfHMIXOfATPAmRPAikFmUhbeCD82JW1OI5:Kea0om6/75e+WbRdP2mKiCul
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  CCleaner1/CCleanerDU.dll
- Size
  
  8.2MB
- MD5
  
  35f31f890f7390288d79ee9d697a77e3
- SHA1
  
  bf0c2f0961cca88910455acaad3094e32a75d28a
- SHA256
  
  b81e87d8a385c00fa4a72a3c2472a0a2c37dd7c611c8b0356ef99b7cebd0afe1
- SHA512
  
  25eaf52837a565d3646b247899a557c9974be6f712da7e7602d79b733788fcd348553864bb0a79a7f40d100f1aa7f172c978dfad4962129bf0bd9e5854e70e31
- SSDEEP
  
  98304:Q9+aj3Pprk3UZ44ZMzqGawSkZlqXwLhfr80ZOI0:g1j3NkEZfqzhVZEXwhjJ4
Score

1^/10
behavioral7 behavioral8
- Target
  
  CCleaner1/CCleanerPerformanceOptimizer.dll
- Size
  
  6.6MB
- MD5
  
  7da68dfd3258dec2de500739b69a58fd
- SHA1
  
  fa12564fe0ef4723e9edfc680c1376a4edcf0795
- SHA256
  
  f116cdb462961e593a64abad51bd35e39d8ed80fa5848afb53bcc365a86a1079
- SHA512
  
  d761db970af831f5c65f61c8b4b9cc272cf70408a2e6d643d90966a35144fb60fbcd1835288ee482bec0b801ab1dd59e5b3fa967860d5b1968a9b5a2e6dd618c
- SSDEEP
  
  98304:UqUX+YMcv+sq0Jz7TZN88Yq5k4wLzWcZQ:gfd9NDYHQ
Score

1^/10
behavioral10 behavioral9
- Target
  
  CCleaner1/CCleanerPerformanceOptimizerService.exe
- Size
  
  1.0MB
- MD5
  
  2e7bf0c9c713be51d1a15fe867bc70ca
- SHA1
  
  2ee3cd039acd5c2c0ce1b1c0501633d0c93a67b7
- SHA256
  
  7d1b3834b5bb0ec3eb641a0a816f9926581885491a6dfc774ad40795ae110f2c
- SHA512
  
  e52d79e70a80a97efcc2194cafd8c6510c4a0443a975b6879f8d0481ea2fb7d26a8580e73eb0d1e26c6e360ad4d9d065e713e567b20ade4b6c9c82086fbcba59
- SSDEEP
  
  24576:9WpsSJBFNtjaXDthcDHWU3uL9h0lhSMXlFLjB+Y:aJBF3jaXZhcDZ3K0pB+Y
Score

1^/10
behavioral11 behavioral12
- Target
  
  CCleaner1/CCleanerReactivator.dll
- Size
  
  2.1MB
- MD5
  
  033ce46a5fff4754c4d6c361e311861c
- SHA1
  
  2f47eeaf2c1f7e8e5edce177324b2820d2bd7e76
- SHA256
  
  6836aeb2cf3ee03887ad8d2baced1aed44d87f0bd8ea04da5fb949357c0de920
- SHA512
  
  9d8c9d5fc37aec9bd3725e5cab34ba5a108862004e829746926e50fc8ccfbf36b9c4096006577658936555bd8fb0ec221478c939a74b12d38808887797731e42
- SSDEEP
  
  49152:b2i/j/84UYLVaP0a49ihl/CIcv+MyhcH0jS8fVE:x1LVIhl/7G
Score

1^/10
behavioral13 behavioral14
- Target
  
  CCleaner1/CCleanerReactivator.exe
- Size
  
  184KB
- MD5
  
  03f5a8b36ae12e7acf0c29d59e9b9ba6
- SHA1
  
  09a6b699f976e23aa3b7aef91e13214750ee2014
- SHA256
  
  22682fd769cee4965b87f213905baae2db2200f887bb5d8e813ec792f9abd4f2
- SHA512
  
  a9c25eae96871c68c8f524bc8384e0e88c3684f197114ee592b54942bb3e70202e5fbbe07dedec5a17e158439538b3eb3458367f9e9beacd69a7a20adaf8c8e0
- SSDEEP
  
  3072:UUDa/t2wVzAEt93Yl69ipg+MbkARqZP68b/JNDCOSp3CvdHOcJn+UAQBR0:UUDI2UzA293E69iub8i8blSpwlrJiA
Score

1^/10
behavioral15 behavioral16
- Target
  
  CCleaner1/Lang/lang-1025.dll
- Size
  
  237KB
- MD5
  
  0e2137dd7441b14050f587116979c028
- SHA1
  
  c24d5eeca4205d1219ba5fc6d227fd8620a1093d
- SHA256
  
  19f167ae1e2f4d130703f73a8cca2b3685295ed67b10f1b4bf32f16b3affb792
- SHA512
  
  007524a441b704ac0007faa5014ce04fd473e397c968280486a3fc05fa5c6643e20acfc4f4806c3fb5671d6b93a5bc3bafac78ecdcf27b38cae2c1d2cc617f7e
- SSDEEP
  
  3072:9UjpwJ5WckrG4m41yOfF3FForEjl34/s2O8sl10sO62nVvxXbnQTOq3IK5zeDxE6:E3HEsS7t1
Score

1^/10
behavioral17 behavioral18
- Target
  
  CCleaner1/Lang/lang-1026.dll
- Size
  
  281KB
- MD5
  
  f0d73aeef988b2f626c5420d05f6cedb
- SHA1
  
  c7c2d468f1c7beb08b5a336e4e6686f8b8b786c4
- SHA256
  
  c51a2831e684957b0aca4e69769d8eeeb5dec70b43a1d1057a9fce27c20268cf
- SHA512
  
  033e65de28278e21c595451e87b56ebb78adf86f7af349435d97ff669de2e43842baab53ecad41a0a31d5db05da9cf09428a87a636c94a9ac2921887b5249a1a
- SSDEEP
  
  1536:hNcRZiTYLSKbowy3HxDeUvZtSffmVc60oD9h9UdUJEh4PQo7HxNt:joMYLFowy3HxyURtzVcQTeUJEh4pJ
Score

1^/10
behavioral19 behavioral20
- Target
  
  CCleaner1/Lang/lang-1027.dll
- Size
  
  284KB
- MD5
  
  e39280c4bf4834390b09fa2f03c09c49
- SHA1
  
  37350348baed3bb1a46339be15ab19a9ec3ca4cb
- SHA256
  
  ee6c1f875d332f8df1d1d5d70fddd6aba4ac41bc027b319f73db5235c1c5d256
- SHA512
  
  755b1d67cc2cb52ba93a3b78f81066288ce29743bddbd1af108e153ae426e5abb381e48b2ff069a29e59a0a261ab66948c739f20d199fdfcfe99cf501d5b8e82
- SSDEEP
  
  3072:PHrr3phs4msC0MUmq3nFvQ2iZHz5b0Sl1QjPM36qWFnZY2WkDRCmKrI:3U4s0MUmqG5b0SlAqWZDj
Score

1^/10
behavioral21 behavioral22
- Target
  
  CCleaner1/Lang/lang-1028.dll
- Size
  
  111KB
- MD5
  
  eebbedeb0291f5b5a338ad5113230540
- SHA1
  
  cefb66c48533a1c001853c4443e9d5b0832c89d6
- SHA256
  
  904bfd163150da34cf2eee9bccfc7882dcb8a24ddf8fa17ddb7387356df7a6b0
- SHA512
  
  0c9d226e06c27f8edea6b3b5cbf21af803feb35288653ce0ebc41b1bd9b78efb5e0a19f9313d9bf1fc5cbb077201e0f410929f762fc541a3b02530d77ec73fb1
- SSDEEP
  
  1536:1Nhdn4y3GSVTRLd6I2Y4JYAs/kEwjHhz/71x4:H/HqI2Y4JXbLH9/g
Score

1^/10
behavioral23 behavioral24
- Target
  
  CCleaner1/Lang/lang-1029.dll
- Size
  
  249KB
- MD5
  
  d7ac30bdbe648ff4b5fd993cbb9641f3
- SHA1
  
  0a26fb068d84c3a7dd9da6871ebaddf6904a726b
- SHA256
  
  ee49f7953f8afd693c608507ee4e79d301f39981f84df351e0a9443f526827d5
- SHA512
  
  f2c162e064b8662024da97fddfa7e247b5efd60ee1f6d621f239994a300ad022b7dd64bcc34d4a6b69edcd90f0488bf7cde0efd3f50d57564b2737cee7a20065
- SSDEEP
  
  3072:NhTV0ws1yxbxqTjEuqumFQl0V13hcIYl80sJ0wknymZq1Mb2g+CO:RJPt3rY2
Score

1^/10
behavioral25 behavioral26
- Target
  
  CCleaner1/Lang/lang-1030.dll
- Size
  
  246KB
- MD5
  
  c6339bd1ba882ac242e7963f3d2612df
- SHA1
  
  4a52febdc2bd67a7fb5d25433e8ff73073cc5de4
- SHA256
  
  77340a980e48e76f0386b822e44593600b2ec62a95579f92d0b7ffe4e0aa3d0f
- SHA512
  
  3ba60e267e3ad6a67e6096493cca6265cf7d4ac5e591b990b3371ba657e2948e9079b36576e43cbd523814b1e86490945bc9ea2e80c2a0c82f0bebeb620d9464
- SSDEEP
  
  3072:+Y4MUPjdglJsCPH02R/CCzuo8JqT1oS748mSAwufgCIk6SsYcHE:ImlJhPmB/69E
Score

1^/10
behavioral27 behavioral28
- Target
  
  CCleaner1/Lang/lang-1031.dll
- Size
  
  278KB
- MD5
  
  0487719c49686620714a6962b4df7fdd
- SHA1
  
  f7737bce21ad551fde0d9ca2c52411c4e7ad60cd
- SHA256
  
  976ee03523427fb4c7a1fff75d827536a05c53264bc34b82b92a215cfc443b6c
- SHA512
  
  4d96975a99fb3c76298789516dff7809b495751c060a0ed92b4575a506991f0664553604e8910a8ce27bafc69cb33ac793cdba9008bd7250a54aec4f5fd576eb
- SSDEEP
  
  3072:CkSJRKPgjvypvWTCTTegzQhK7JUfRtR+ga9hI7AlfbamVXu9dIEhpg8XVLZkwwl6:yyfDeqEFzdaCYvOL
Score

1^/10
behavioral29 behavioral30
- Target
  
  CCleaner1/Lang/lang-1032.dll
- Size
  
  291KB
- MD5
  
  6a107ca51ed88dda65d696a6a06e795e
- SHA1
  
  8451ede1df40e563fbcd9dab7adaf4f863b2d39e
- SHA256
  
  ac3025b93a302d09cbfef47346a62c1fadb417ffd6dc9a7a89794a43ce54f12a
- SHA512
  
  22c251e678ca05ed23c569dab3bc263d90d60cce1868e584088e2a2b7232c565ca6283a1941d8738267fe399511cbce52fc9f29c891c074dbdaf77969124f7af
- SSDEEP
  
  3072:3j6kCHTgJU7ZlvMQmOnMGopX6YQ5dWORILw4adqLD9BlKvSUG8+wi9TvxVJzAkHf:EvMKMcOyYb
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Writes to the Master Boot Record (MBR)

Suspicious use of NtCreateThreadExHideFromDebugger

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32