nullmixer | 3b15547e53d7254ec42974dc5a1d7b72cffd722a41114944b5606a845be7b76d

General

Target

ad1ca7ff685a17765d86adb4105b7bd7.exe
Size

5.7MB
MD5

ad1ca7ff685a17765d86adb4105b7bd7
SHA1

96291cf1ce155f393919965359de528b2d661186
SHA256

3b15547e53d7254ec42974dc5a1d7b72cffd722a41114944b5606a845be7b76d
SHA512

6645b29c759d1fb015c1999d12f119d3f379fbabd9d643ea8da0851cf7ab680f0fa5de7dab075df0165bf16e55a2f01405794d57c5911fa68c5e068ce200d5ee
SSDEEP

98304:x7CvLUBsgSqm9iwNZOmcJ9sTqEQxvTNDagiE6ixeZKjG/RrkIk8lfYhlB:xALUCghwNZvWDOTBKjgd/lf2H

Score

10^/10

nullmixer aspackv2 dropper

Malware Config

Extracted

Family

nullmixer

C2

http://marisana.xyz/

Signatures

NullMixer
NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
dropper nullmixer

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x002d000000016cd2-41.dat	aspack_v212_v242
behavioral1/files/0x000800000001227e-45.dat	aspack_v212_v242
behavioral1/files/0x0007000000016d37-48.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
2512	setup_install.exe

Loads dropped DLL 11 IoCs

pid	Process
2232	ad1ca7ff685a17765d86adb4105b7bd7.exe
2232	ad1ca7ff685a17765d86adb4105b7bd7.exe
2232	ad1ca7ff685a17765d86adb4105b7bd7.exe
2512	setup_install.exe
2512	setup_install.exe
2512	setup_install.exe
2512	setup_install.exe
2512	setup_install.exe
2512	setup_install.exe
2512	setup_install.exe
2512	setup_install.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2512	2232	ad1ca7ff685a17765d86adb4105b7bd7.exe	28
PID 2232 wrote to memory of 2512	2232	ad1ca7ff685a17765d86adb4105b7bd7.exe	28
PID 2232 wrote to memory of 2512	2232	ad1ca7ff685a17765d86adb4105b7bd7.exe	28
PID 2232 wrote to memory of 2512	2232	ad1ca7ff685a17765d86adb4105b7bd7.exe	28
PID 2232 wrote to memory of 2512	2232	ad1ca7ff685a17765d86adb4105b7bd7.exe	28
PID 2232 wrote to memory of 2512	2232	ad1ca7ff685a17765d86adb4105b7bd7.exe	28
PID 2232 wrote to memory of 2512	2232	ad1ca7ff685a17765d86adb4105b7bd7.exe	28

C:\Users\Admin\AppData\Local\Temp\ad1ca7ff685a17765d86adb4105b7bd7.exe
"C:\Users\Admin\AppData\Local\Temp\ad1ca7ff685a17765d86adb4105b7bd7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\7zS8B8BF0B6\setup_install.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS8B8BF0B6\setup_install.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS8B8BF0B6\libcurlpp.dll

Filesize
54KB

MD5
e6e578373c2e416289a8da55f1dc5e8e

SHA1
b601a229b66ec3d19c2369b36216c6f6eb1c063e

SHA256
43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f

SHA512
9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8BF0B6\libstdc++-6.dll

Filesize
647KB

MD5
5e279950775baae5fea04d2cc4526bcc

SHA1
8aef1e10031c3629512c43dd8b0b5d9060878453

SHA256
97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87

SHA512
666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8BF0B6\libwinpthread-1.dll

Filesize
69KB

MD5
1e0d62c34ff2e649ebc5c372065732ee

SHA1
fcfaa36ba456159b26140a43e80fbd7e9d9af2de

SHA256
509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723

SHA512
3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8BF0B6\setup_install.exe

Filesize
2.1MB

MD5
6855292af7971bb50c0957fe13b68915

SHA1
24527b127a43f9486279f7c384f202fbd60cfbd9

SHA256
9e7032a840e8776802cf7c5c1af58810afdb5ab53bdc9e91142248620087e0cc

SHA512
d92c0da0b4438c257c61eb372d7362b450d68ed46545e18f8f18def12a477401fe6be58448ab818048f18317d629c8931f740cbccfbb69aa4d945f918569a447

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8BF0B6\setup_install.exe

Filesize
1.2MB

MD5
8b80e231fc1c3ba75ab1808ece1c0b2f

SHA1
7f5d030128d401e32b41935595bc82a2200c1c8b

SHA256
cda61524e6bbe4b96c840dc2dd8eee78970120b38813fd05910c0a20fd623f85

SHA512
6f543b6dc78a756e49508e1dbab8c797f90baa296dbad343a594db919e75327e120159e540caf8986a7be526960300d554d83c11389f20cbcbc5a24948fb9fbf

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8B8BF0B6\libcurl.dll

Filesize
218KB

MD5
d09be1f47fd6b827c81a4812b4f7296f

SHA1
028ae3596c0790e6d7f9f2f3c8e9591527d267f7

SHA256
0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e

SHA512
857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8B8BF0B6\libgcc_s_dw2-1.dll

Filesize
113KB

MD5
9aec524b616618b0d3d00b27b6f51da1

SHA1
64264300801a353db324d11738ffed876550e1d3

SHA256
59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e

SHA512
0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8B8BF0B6\setup_install.exe

Filesize
1.1MB

MD5
4f9e94253240a2bc52df222fb75f1856

SHA1
9e82687a1bb94b47f79e670405cc9d7c85763632

SHA256
d4c6d3d0a25ce1d96df3f25944b3cf3054b7f8f860e1ec6986f294af789e9dbb

SHA512
e06f6b65b483b035ddbbe21e03cc1cddd10bd809f2ad2c835d7c9634d2ec83799c5f4313c118afcf0531311c18b0fde9a5ee60703c3d9a22db3dd892aa78c5df

Download Submit
memory/2512-49-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/2512-44-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/2512-58-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/2512-57-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/2512-56-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/2512-55-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/2512-59-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/2512-61-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/2512-63-0x000000006EB40000-0x000000006EB63000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing