nullmixer | e270a47e3c09fe00dd072297302d96b830682e18214cb7410be4d56f6feb0dd0 | Triage

Sharing

General

Target

c9705afcbe13766eedfe83cd901a1cd2
Size

1.5MB
Sample

231228-gmrhnaeba9
MD5

c9705afcbe13766eedfe83cd901a1cd2
SHA1

5f0a179c3a72744d8e7d16aedebaf5c000b2c019
SHA256

e270a47e3c09fe00dd072297302d96b830682e18214cb7410be4d56f6feb0dd0
SHA512

d34efb1d0f2ef24e277914e292cc09e753f4ca0e9e6189d7163e9932062f4fe2259b180a29ed9d2d5fa3486b3f4e1f2c7e40cf11b7a385562f72534b35f3a53e
SSDEEP

24576:Eg5Qr587v2TIC7sQpnVBf9QQMfcflspnr1+dReMQfOtzan2WnbSXqmndlLMV44gT:EgirovmIm/VhMfcfepnPfgJWn2fPLI6T

Score

10^/10

nullmixer smokeloader pub6 backdoor dropper evasion trojan

Malware Config

Extracted

Family

nullmixer

C2

http://wxkeww.xyz/

Extracted

Family

smokeloader

Botnet

pub6

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  c9705afcbe13766eedfe83cd901a1cd2
- Size
  
  1.5MB
- MD5
  
  c9705afcbe13766eedfe83cd901a1cd2
- SHA1
  
  5f0a179c3a72744d8e7d16aedebaf5c000b2c019
- SHA256
  
  e270a47e3c09fe00dd072297302d96b830682e18214cb7410be4d56f6feb0dd0
- SHA512
  
  d34efb1d0f2ef24e277914e292cc09e753f4ca0e9e6189d7163e9932062f4fe2259b180a29ed9d2d5fa3486b3f4e1f2c7e40cf11b7a385562f72534b35f3a53e
- SSDEEP
  
  24576:Eg5Qr587v2TIC7sQpnVBf9QQMfcflspnr1+dReMQfOtzan2WnbSXqmndlLMV44gT:EgirovmIm/VhMfcfepnPfgJWn2fPLI6T
Score

10^/10

nullmixer smokeloader pub6 backdoor dropper evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nullmixersmokeloaderpub6backdoordropperevasiontrojan

behavioral2

nullmixersmokeloaderpub6backdoordroppertrojan