nullmixer

General

Target

a134e5d51c7ed250a0c7b2c9d69c252f
Size

3.5MB
Sample

231222-qm7djsagb7
MD5

a134e5d51c7ed250a0c7b2c9d69c252f
SHA1

49be67401c878ba338c18591ee4c0c75cfcdb69e
SHA256

77c347214ea12a755c535428c16f714e9b646d556774408f526f520827989e52
SHA512

2eabd3ebcb27703b9672136aeaac0a51b8dfe60c4d1873d0655084f0ae658ceb6bc411a8dac1e01a2f2e8916db19bf336be84590e92d801f9e69f938cbb297ac
SSDEEP

98304:xmrRByEHolHK9KDmKLVMKmRt9BqmhXUHbpBV4nO:xmrRMEIk9iJVlmR4mNm/V4O

Score

10^/10

Malware Config

Extracted

Family

nullmixer

C2

http://hsiens.xyz/

Extracted

Family

privateloader

C2

http://37.0.10.214/proxies.txt

http://37.0.10.244/server.txt

http://wfsdragon.ru/api/setStats.php

37.0.10.237

Extracted

Family

redline

Botnet

pab777

C2

185.215.113.15:6043

Extracted

Family

vidar

Version

40.3

Botnet

706

C2

https://lenko349.tumblr.com/

Attributes

profile_id
706

Targets

- Target
  
  a134e5d51c7ed250a0c7b2c9d69c252f
- Size
  
  3.5MB
- MD5
  
  a134e5d51c7ed250a0c7b2c9d69c252f
- SHA1
  
  49be67401c878ba338c18591ee4c0c75cfcdb69e
- SHA256
  
  77c347214ea12a755c535428c16f714e9b646d556774408f526f520827989e52
- SHA512
  
  2eabd3ebcb27703b9672136aeaac0a51b8dfe60c4d1873d0655084f0ae658ceb6bc411a8dac1e01a2f2e8916db19bf336be84590e92d801f9e69f938cbb297ac
- SSDEEP
  
  98304:xmrRByEHolHK9KDmKLVMKmRt9BqmhXUHbpBV4nO:xmrRMEIk9iJVlmR4mNm/V4O
Score

10^/10

nullmixer privateloader redline sectoprat vidar 706 pab777 aspackv2 dropper infostealer loader rat stealer trojan
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

PrivateLoader

RedLine

RedLine payload

SectopRAT

SectopRAT payload

Vidar

Vidar Stealer

ASPack v2.12-2.42

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2