General

  • Target

    a134e5d51c7ed250a0c7b2c9d69c252f

  • Size

    3.5MB

  • Sample

    231222-qm7djsagb7

  • MD5

    a134e5d51c7ed250a0c7b2c9d69c252f

  • SHA1

    49be67401c878ba338c18591ee4c0c75cfcdb69e

  • SHA256

    77c347214ea12a755c535428c16f714e9b646d556774408f526f520827989e52

  • SHA512

    2eabd3ebcb27703b9672136aeaac0a51b8dfe60c4d1873d0655084f0ae658ceb6bc411a8dac1e01a2f2e8916db19bf336be84590e92d801f9e69f938cbb297ac

  • SSDEEP

    98304:xmrRByEHolHK9KDmKLVMKmRt9BqmhXUHbpBV4nO:xmrRMEIk9iJVlmR4mNm/V4O

Malware Config

Extracted

Family

nullmixer

C2

http://hsiens.xyz/

Extracted

Family

privateloader

C2

http://37.0.10.214/proxies.txt

http://37.0.10.244/server.txt

http://wfsdragon.ru/api/setStats.php

37.0.10.237

Extracted

Family

redline

Botnet

pab777

C2

185.215.113.15:6043

Extracted

Family

vidar

Version

40.3

Botnet

706

C2

https://lenko349.tumblr.com/

Attributes

  • profile_id

    706
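The four extracted configs above mix URLs, bare IPs and an ip:port pair. The script below is an added example (not part of this report or of the sandbox's own tooling) that normalizes those indicator strings into typed IOCs and runs them over a handful of constructed proxy log lines. The indicator values are copied from the report; the log line layout (timestamp, source, destination host, port, method, URL) and the `EXTRACTED_C2` / `match_logs` names are assumptions made for the example.

```python
"""Normalize the C2 indicators from the sandbox report into typed IOCs and
match them against proxy log lines.

Added example; the indicator strings come from the report, the log lines are
constructed, and the log field layout is an assumption.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Raw C2 values exactly as listed under "Malware Config" (family -> values).
EXTRACTED_C2 = {
    "nullmixer": ["http://hsiens.xyz/"],
    "privateloader": [
        "http://37.0.10.214/proxies.txt",
        "http://37.0.10.244/server.txt",
        "http://wfsdragon.ru/api/setStats.php",
        "37.0.10.237",  # three PrivateLoader hosts share 37.0.10.0/24; worth watching, but do not auto-block the /24
    ],
    "redline": ["185.215.113.15:6043"],
    "vidar": ["https://lenko349.tumblr.com/"],  # dead-drop on a shared platform
}

IP_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?$")


def normalize(raw):
    """Classify one raw C2 string into {type, host, port, path}."""
    m = IP_PORT.match(raw)
    if m:
        ipaddress.ip_address(m.group(1))  # raises ValueError on a malformed IP
        port = int(m.group(2)) if m.group(2) else None
        return {"type": "ip", "host": m.group(1), "port": port, "path": None}
    if "://" in raw:
        u = urlsplit(raw)
        try:
            ipaddress.ip_address(u.hostname)
            kind = "ip"
        except ValueError:
            kind = "domain"
        port = u.port or (443 if u.scheme == "https" else 80)
        return {"type": kind, "host": u.hostname, "port": port, "path": u.path or "/"}
    return {"type": "domain", "host": raw, "port": None, "path": None}


def build_iocs(configs=EXTRACTED_C2):
    """Flatten the config dict into a list of typed IOCs tagged with their family."""
    iocs = []
    for family, values in configs.items():
        for raw in values:
            entry = normalize(raw)
            entry.update(family=family, raw=raw)
            iocs.append(entry)
    return iocs


def defang(host):
    """Render a host safely for reports/tickets: hsiens.xyz -> hsiens[.]xyz."""
    return host.replace(".", "[.]")


# Constructed sample proxy log: ts src dst_host dst_port method url
LOG_LINES = [
    "2023-12-22T10:01:02Z 10.0.0.5 hsiens.xyz 80 GET http://hsiens.xyz/",
    "2023-12-22T10:01:03Z 10.0.0.5 37.0.10.214 80 GET http://37.0.10.214/proxies.txt",
    "2023-12-22T10:01:04Z 10.0.0.5 www.tumblr.com 443 GET https://www.tumblr.com/",
    "2023-12-22T10:01:05Z 10.0.0.7 185.215.113.15 6043 CONNECT -",
    "2023-12-22T10:01:06Z 10.0.0.9 example.com 443 GET https://example.com/",
]


def match_logs(lines, iocs):
    """Return (line, family) pairs for log lines that hit an IOC.

    Hosts are compared exactly, never by parent domain, so the Vidar dead-drop
    on lenko349.tumblr.com does not flag all tumblr.com traffic. A bare ip:port
    indicator (RedLine) must also match the destination port.
    """
    by_host = {}
    for ioc in iocs:
        by_host.setdefault(ioc["host"], []).append(ioc)
    hits = []
    for line in lines:
        _ts, _src, host, port, _method, _url = line.split(maxsplit=5)
        for ioc in by_host.get(host, []):
            bare_ip_port = ioc["type"] == "ip" and ioc["path"] is None and ioc["port"] is not None
            if bare_ip_port and int(port) != ioc["port"]:
                continue
            hits.append((line, ioc["family"]))
    return hits


if __name__ == "__main__":
    for ioc in build_iocs():
        print(f"{ioc['family']:14} {ioc['type']:6} {defang(ioc['host'])} {ioc['port']} {ioc['path']}")
    for line, family in match_logs(LOG_LINES, build_iocs()):
        print(f"HIT [{family}] {line}")
```

Exact-host matching is deliberate: the Vidar C2 is a profile page on tumblr.com, so a parent-domain match would generate noise on legitimate traffic, and the bare `185.215.113.15:6043` RedLine indicator is only meaningful together with its port.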

Targets

    • Target

      a134e5d51c7ed250a0c7b2c9d69c252f

    • Size

      3.5MB

    • MD5

      a134e5d51c7ed250a0c7b2c9d69c252f

    • SHA1

      49be67401c878ba338c18591ee4c0c75cfcdb69e

    • SHA256

      77c347214ea12a755c535428c16f714e9b646d556774408f526f520827989e52

    • SHA512

      2eabd3ebcb27703b9672136aeaac0a51b8dfe60c4d1873d0655084f0ae658ceb6bc411a8dac1e01a2f2e8916db19bf336be84590e92d801f9e69f938cbb297ac

    • SSDEEP

      98304:xmrRByEHolHK9KDmKLVMKmRt9BqmhXUHbpBV4nO:xmrRMEIk9iJVlmR4mNm/V4O

    • NullMixer

      NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar Stealer

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL
