nullmixer

General

Target

f25e4213555bb2e557f66fb99d91a03972c1882ca8c2ac8748e25fc09798e2be.exe
Size

5.5MB
Sample

240107-w8jghacfg7
MD5

0a313a73aac1905c6ef571c4e700554a
SHA1

7f2e2d4656ae4a5e6015c51184e19ef26510fb12
SHA256

f25e4213555bb2e557f66fb99d91a03972c1882ca8c2ac8748e25fc09798e2be
SHA512

b8323f01a915c1e28d9926a07518c798546ab12aa8d8c1038c9f18973beab78fda972aaea1b7a0814b6c3efa0847ee2f89ccc3abfa8bcc239eb12a36a069b576
SSDEEP

98304:xorRBQQyUroZi+nTf55/2UJ70UsjVk+io3McLpN3SQXB/uz7h4sWsjFe5qx:xorR3rETfjB70Ush9io3MeDOl4sW8+qx

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

40.3

Botnet

706

C2

https://lenko349.tumblr.com/

Attributes

profile_id
706

Extracted

Family

redline

Botnet

pab777

C2

185.215.113.15:6043

Extracted

Family

nullmixer

C2

http://hsiens.xyz/

Targets

- Target
  
  f25e4213555bb2e557f66fb99d91a03972c1882ca8c2ac8748e25fc09798e2be.exe
- Size
  
  5.5MB
- MD5
  
  0a313a73aac1905c6ef571c4e700554a
- SHA1
  
  7f2e2d4656ae4a5e6015c51184e19ef26510fb12
- SHA256
  
  f25e4213555bb2e557f66fb99d91a03972c1882ca8c2ac8748e25fc09798e2be
- SHA512
  
  b8323f01a915c1e28d9926a07518c798546ab12aa8d8c1038c9f18973beab78fda972aaea1b7a0814b6c3efa0847ee2f89ccc3abfa8bcc239eb12a36a069b576
- SSDEEP
  
  98304:xorRBQQyUroZi+nTf55/2UJ70UsjVk+io3McLpN3SQXB/uz7h4sWsjFe5qx:xorR3rETfjB70Ush9io3MeDOl4sW8+qx
Score

10^/10

redline sectoprat vidar 706 pab777 infostealer rat stealer trojan nullmixer aspackv2 dropper
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

RedLine

RedLine payload

SectopRAT

SectopRAT payload

Vidar

Vidar Stealer

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2