nullmixer

General

Target

f6336737452a7a106dde9be8ba468a0c_JaffaCakes118
Size

3.6MB
Sample

240417-t2hwaagh9v
MD5

f6336737452a7a106dde9be8ba468a0c
SHA1

19b4f742ad0beb3bd2306b8e8b1d989e52a01365
SHA256

76c9ba959cb30c682c744ec265b3ae18fa5f92250cdc153139fb83835ca17356
SHA512

8df61530106e314cc78f82907ae89896b3281721bfe440565219c5fcebf01a90ef0bfeb55d6c7069ee68a9a1711dbca28fb9060d1ffc6026f706a2744ed539de
SSDEEP

98304:ysevup9c1bf8FmhU3sXZi1ZsarTqLpRgj+uMeCm6:yI9wBhJYZsATqYCuBC

Score

10^/10

Malware Config

Extracted

Family

nullmixer

C2

http://hsiens.xyz/

Extracted

Family

privateloader

C2

http://37.0.10.214/proxies.txt

http://37.0.10.244/server.txt

http://wfsdragon.ru/api/setStats.php

37.0.10.237

Extracted

Family

redline

Botnet

pub2

C2

185.92.73.84:80

Extracted

Family

vidar

Version

40.1

Botnet

706

C2

https://eduarroma.tumblr.com/

Attributes

profile_id
706

Extracted

Family

smokeloader

Version

2020

C2

http://varmisende.com/upload/

http://fernandomayol.com/upload/

http://nextlytm.com/upload/

http://people4jan.com/upload/

http://asfaltwerk.com/upload/

rc4.i32

Targets

- Target
  
  f6336737452a7a106dde9be8ba468a0c_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  f6336737452a7a106dde9be8ba468a0c
- SHA1
  
  19b4f742ad0beb3bd2306b8e8b1d989e52a01365
- SHA256
  
  76c9ba959cb30c682c744ec265b3ae18fa5f92250cdc153139fb83835ca17356
- SHA512
  
  8df61530106e314cc78f82907ae89896b3281721bfe440565219c5fcebf01a90ef0bfeb55d6c7069ee68a9a1711dbca28fb9060d1ffc6026f706a2744ed539de
- SSDEEP
  
  98304:ysevup9c1bf8FmhU3sXZi1ZsarTqLpRgj+uMeCm6:yI9wBhJYZsATqYCuBC
Score

10^/10

nullmixer privateloader redline sectoprat smokeloader vidar 706 pub2 aspackv2 backdoor dropper infostealer loader rat stealer trojan
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  setup_installer.exe
- Size
  
  3.6MB
- MD5
  
  1df01ae4f663bbb5bdc2abb2d68a1348
- SHA1
  
  bed2b62f36b774a21cb14ee8c1e98363458028fc
- SHA256
  
  b1c5d186dc4924256dc9e8f9fad845bdb583f7028c547aa8ca2fe2076e2a081f
- SHA512
  
  7cc3faf78ffdaa3ef2327cea4ea22f062934e1029dc4727428cfc4a7dad943a94f0bc39b061dfdec1277f364584f7bf0e92c22aa22c44e6d34e524ac0ad684be
- SSDEEP
  
  98304:x3CvLUBsgE9a4SZgRzEpVbzmX4lhfnVJQbSNKHG2a:x0LUCgya4S6zOVpVJsYKxa
Score

10^/10

nullmixer privateloader redline sectoprat smokeloader vidar 706 pub2 aspackv2 backdoor dropper infostealer loader rat stealer trojan
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

PrivateLoader

RedLine

RedLine payload

SectopRAT

SectopRAT payload

SmokeLoader

Vidar

Vidar Stealer

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

NullMixer

PrivateLoader

RedLine

RedLine payload

SectopRAT

SectopRAT payload

SmokeLoader

Vidar

Vidar Stealer

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4