nullmixer

General

Target

5d2d3d4eae63a13afbd30c96b70a56cf
Size

1.5MB
Sample

231226-jjfcbsdabk
MD5

5d2d3d4eae63a13afbd30c96b70a56cf
SHA1

bdce10de18c09ebb6b388eeef3c11c43e9e8d39c
SHA256

72b24e99cdd46d7cee31af6d8858782b775db1753d4ed954774a2b1306d5dd89
SHA512

5c46660a3572d435161942f548f7f321d8369fe858563b45fb7d93bfd4ebdd98f5bc01093f47dd7de0d55f9a6b4c85e15bb0c2930ef220a2dfdd9599c32f61d3
SSDEEP

24576:Eg5ngsT7c6L5PDh+TwMShDHActO6s5E7GPW7lm2q/k0VRjEK2E:EgBv/9L5rhXvMIO6s5axw2qM0/jE1E

Score

10^/10

Malware Config

Extracted

Family

nullmixer

C2

http://wxkeww.xyz/

Extracted

Family

smokeloader

Botnet

pub6

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

Targets

- Target
  
  5d2d3d4eae63a13afbd30c96b70a56cf
- Size
  
  1.5MB
- MD5
  
  5d2d3d4eae63a13afbd30c96b70a56cf
- SHA1
  
  bdce10de18c09ebb6b388eeef3c11c43e9e8d39c
- SHA256
  
  72b24e99cdd46d7cee31af6d8858782b775db1753d4ed954774a2b1306d5dd89
- SHA512
  
  5c46660a3572d435161942f548f7f321d8369fe858563b45fb7d93bfd4ebdd98f5bc01093f47dd7de0d55f9a6b4c85e15bb0c2930ef220a2dfdd9599c32f61d3
- SSDEEP
  
  24576:Eg5ngsT7c6L5PDh+TwMShDHActO6s5E7GPW7lm2q/k0VRjEK2E:EgBv/9L5rhXvMIO6s5axw2qM0/jE1E
Score

10^/10

nullmixer smokeloader pub6 backdoor dropper trojan
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

SmokeLoader

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2