nullmixer

General

Target

f71263ad0149f2cbd529beb19df50d51_JaffaCakes118
Size

1.9MB
Sample

240418-cvyjqagf58
MD5

f71263ad0149f2cbd529beb19df50d51
SHA1

0cf9df2dd6bc33b2594922ed1a911a0a53f8d306
SHA256

f15fe0a5ac415395cee37094bdabfc550d9f29507cabc9130bf8f3f938e10ced
SHA512

766e0830ee56a083cf10d92a2e8183a332b975d665543fbe6b5496326c8a3f2f47ace75c7a62edccb3f6231c88e1ae26e809850bc963f99ba505013b3ea964c3
SSDEEP

49152:9gyISzsgDGu/8QT3KuHuK2iDK1Fbnieb46Pt:yyI3gn/auHuiDCbnf1

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub6

Extracted

Family

vidar

Version

40

Botnet

706

C2

https://lenak513.tumblr.com/

Attributes

profile_id
706

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Extracted

Family

nullmixer

C2

http://marisana.xyz/

Targets

- Target
  
  f71263ad0149f2cbd529beb19df50d51_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  f71263ad0149f2cbd529beb19df50d51
- SHA1
  
  0cf9df2dd6bc33b2594922ed1a911a0a53f8d306
- SHA256
  
  f15fe0a5ac415395cee37094bdabfc550d9f29507cabc9130bf8f3f938e10ced
- SHA512
  
  766e0830ee56a083cf10d92a2e8183a332b975d665543fbe6b5496326c8a3f2f47ace75c7a62edccb3f6231c88e1ae26e809850bc963f99ba505013b3ea964c3
- SSDEEP
  
  49152:9gyISzsgDGu/8QT3KuHuK2iDK1Fbnieb46Pt:yyI3gn/auHuiDCbnf1
Score

10^/10

nullmixer privateloader smokeloader vidar 706 pub6 aspackv2 backdoor dropper loader stealer trojan
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  setup_installer.exe
- Size
  
  1.9MB
- MD5
  
  7a31dc882ea1b0e7a8ffebcd21059cd5
- SHA1
  
  38ebd858eb6e5e540b5900c97e77a9f3ff92e421
- SHA256
  
  28a96de1e3a6ac6f0105145b7155ebc1eafb9d1885d09c84b65ffd60e9b8951f
- SHA512
  
  eca9ee232b660e3e8244a61e8a7b8e6e63499849cc3ab2a07941e032142ef89d46a4c7a219b32c811b36245ebb0ddda5313b475590e6f478df6ee2f7571bde6a
- SSDEEP
  
  49152:xcBmEwJ84vLRaBtIl9mVzZxa8jQtrpR7Js2Q7D85Qvr5S:xECvLUBsg+8UttFJ9zQVS
Score

10^/10

nullmixer privateloader smokeloader vidar 706 pub6 aspackv2 backdoor dropper loader stealer trojan
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4