nullmixer

General

Target

eaf542dd8a8094cde3fd9767497c06f3_JaffaCakes118
Size

1.5MB
Sample

240410-nkb4hshb21
MD5

eaf542dd8a8094cde3fd9767497c06f3
SHA1

e8f51145b8506ea14cd111d292450fff0be82b19
SHA256

57915804648a28ef848d9ef8b400660e828d516e53a3a91265b467bb95db9e89
SHA512

ec9f5de333718c0c0a4cdcd1a49439581d0029528407cfdd4aa2a798a0f0c1b3d02b23d8c8a99c20a97f4a60f685e7e12eb1635332155a92c9141a990d67577a
SSDEEP

49152:Egm7B/qk5xqQl+Xphug3rl2yFIt+65eVfTorTRo7:Jm7B/9/7eu/COrTq

Score

10^/10

Malware Config

Extracted

Family

nullmixer

C2

http://marisana.xyz/

Extracted

Family

smokeloader

Botnet

pub6

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

Targets

- Target
  
  eaf542dd8a8094cde3fd9767497c06f3_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  eaf542dd8a8094cde3fd9767497c06f3
- SHA1
  
  e8f51145b8506ea14cd111d292450fff0be82b19
- SHA256
  
  57915804648a28ef848d9ef8b400660e828d516e53a3a91265b467bb95db9e89
- SHA512
  
  ec9f5de333718c0c0a4cdcd1a49439581d0029528407cfdd4aa2a798a0f0c1b3d02b23d8c8a99c20a97f4a60f685e7e12eb1635332155a92c9141a990d67577a
- SSDEEP
  
  49152:Egm7B/qk5xqQl+Xphug3rl2yFIt+65eVfTorTRo7:Jm7B/9/7eu/COrTq
Score

10^/10

nullmixer smokeloader pub6 aspackv2 backdoor dropper evasion spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  setup_installer.exe
- Size
  
  1.5MB
- MD5
  
  fb0b833f695d52b7a9cc308b48136710
- SHA1
  
  8899b9196dad0c2d8e9900f2d8cdb10aff9ed87b
- SHA256
  
  f3e28af372f1ecbe4bfc290214c09e4ba3485556ebc847971009996cd92daa48
- SHA512
  
  9c77ce45b8eb09085f15ab8ec7301cf2d27e9ff2689089591576cb96b248fc58709934c38a60213f710cca8bd0276f7b206f18cadef5c392d95ad783f7540e88
- SSDEEP
  
  49152:xcBhCpZgu2K8EEwJ84vLRaBtIl9mTH7szUnTffo:xFZ2HzCvLUBsKHYITfo
Score

10^/10

nullmixer smokeloader pub6 aspackv2 backdoor dropper evasion spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4