WikiLoader - это сложный загрузчик, целью которого является установка второй полезной нагрузки вредоносного ПО. Вредоносная программа содержит интересные техники уклонения и пользовательскую реализацию кода, что затрудняет ее обнаружение и анализ.
Indicators of Compromise
URLs
- https://barliam.com/ph/wp-content/themes/twentytwentythree/plxka3.php?id=1
- https://cdn.discordapp.com/attachments/1063894486901587979/1229768405582741570/1_npp.8.6.3.portable.x64.zip?ex=6630e213&is=661e6d13&hm=0fd74782ead9fca83748c0b045e33161bcb75d85bfa776a34e0fd0999943080d&
- https://cdn.discordapp.com/attachments/1063894486901587979/1234858480226144296/1_npp.8.6.3.portable.x64.zip?ex=66324314&is=6630f194&hm=4a3e64dc2428f0b2ce8dbc485cbea06fb7e42d700175fe320a996a451c76a128&
- https://djibek.com/wp-content/themes/twentytwentyone/sb9ivy.php?id=1
- https://dorseydorse.com/wp-content/themes/twentytwenty/i4imyy.php?id=1
- https://dreamerz.vn/wp-content/themes/twentytwentyone/0srbuw.php?id=1
- https://letjsnod.com/ssoservice?LSY=BMOSou&oD=AHnwvHg&sourceYgi=eilvX&Kacontent=sMIOOkEIJS&w_cid=9367983&rE=9592978
- https://pankerfan.com/accessinformation?d0675c3b04d3fed5b988&shares=vDbLo&KPYS=867025b4b44821e8-9bd7a835-7c48a739-3fee3019-6804d329eda6566602832b&xz=217#fR5412805674659065609
- https://pankerfan.com/eft-edi-customer?bzR=IskOD&br=JYDmkADmZ&sourceMH=htRRR&ffcontent=YPIBjqCe&Cb_cid=7987028&w=2520205
- https://polarishousingsystems.com/wp-content/themes/twentytwentyfour/qshgfl.php?id=1
- https://rariate.com/ph/wp-content/themes/twentytwentythree/6rndt2.php?id=1
- https://retrobox.rocks/wp-content/themes/twentytwentyfour/vhpg2j.php?id=1
- https://unokodkelas.cl/wp-content/themes/twentytwenty/pttfrp.php?id=1
- https://www.briccodeldente.it/wp-content/themes/white-rock-progression/l3h0y5.php?id=1
- https://www.judicialconsulting.es/wp-content/themes/hello-elementor/t745ny.php?id=1
- https://www.savetheworldpodcast.com/wp-content/themes/twentytwentyone/msecgc.php?id=1
SHA256
- 0112ea3dd460b8776d52bcf9fad234ddbf19e4e2b6666b8560aa173764e14af7
- 1d6f76acecff63fb373b5774a3cb34b87266a4a4bbb8e3a0757d107187d280ee
- 44eb09ff486d2b84d59674992c52e8e3c0726c6b82c7e42bde94d32579d1524f
- 702d6957bfbd9f13cb0a4d3523907ea61a5b81867faf9dedb4cad5fca9563e94
- 8b599b39bc3706664d39250a571b7e6536f2f6fddf71e26b5755c71ec4447238
- 94eb56c4cbfc817ed385ac947d2f2e5812ffdae5e3a669c84dc6001f66625199
- 99fe6730862db95a23d5996996d99d55a809390b152bfdc15d617545016cbbe6
- c605b5adea1737158cbd8b02ffe102eafb9575ccef3bcc88b7bb18c517fd9891
- cade322bf1c5f58f44d8970de70ca83cf53d2d6ab5e43f53a8ed26a343c95309
- dc9cee254e4d2ffd41d4fa4519ac0dea5ff194d8e328550c2a4f22a569286dcb
- f1a49cea454bac3e78ac765b247b65d00c896d84de2028892b00d4310453c665