nullmixer

General

Target

a0e87c4b9483fae95f6f57946023d3e7
Size

2.8MB
Sample

231227-d1c1msghd6
MD5

a0e87c4b9483fae95f6f57946023d3e7
SHA1

993ab6ddf0f3dfa349ef7ad4e3a44d0fc2a15a0a
SHA256

bb7dead4d3da28e16ef45d0019cd42bbd3c4e3454c3042867e7f64aee2439912
SHA512

95979bbfb68d50223fa05e35a7fa6552a30889a07327347d8a6d03a80fc8d92bbcd4f7456431aceb7fc43acc784610d196e2d002baee9278c762e45852ee69b1
SSDEEP

49152:EgGeCFEEIxWoH57jp49GfCZHw7DhSZ2eGIxy2FKVqrZix9zSlbtcUw5:JHCG+0Zja9sCZzZnGWdF+wZixpebeU8

Score

10^/10

Malware Config

Extracted

Family

nullmixer

C2

http://watira.xyz/

Extracted

Family

vidar

Version

39.7

Botnet

706

C2

https://shpak125.tumblr.com/

Attributes

profile_id
706

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

Targets

- Target
  
  a0e87c4b9483fae95f6f57946023d3e7
- Size
  
  2.8MB
- MD5
  
  a0e87c4b9483fae95f6f57946023d3e7
- SHA1
  
  993ab6ddf0f3dfa349ef7ad4e3a44d0fc2a15a0a
- SHA256
  
  bb7dead4d3da28e16ef45d0019cd42bbd3c4e3454c3042867e7f64aee2439912
- SHA512
  
  95979bbfb68d50223fa05e35a7fa6552a30889a07327347d8a6d03a80fc8d92bbcd4f7456431aceb7fc43acc784610d196e2d002baee9278c762e45852ee69b1
- SSDEEP
  
  49152:EgGeCFEEIxWoH57jp49GfCZHw7DhSZ2eGIxy2FKVqrZix9zSlbtcUw5:JHCG+0Zja9sCZzZnGWdF+wZixpebeU8
Score

10^/10

nullmixer smokeloader vidar 706 pub5 aspackv2 backdoor dropper stealer trojan
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

SmokeLoader

Vidar

Vidar Stealer

ASPack v2.12-2.42

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2