Stormsec

NullMixer drops Redline Stealer, SmokeLoader and other malware

NullMixer is a dropper that kicks off an infection chain delivering a wide variety of malware families in a single run. It spreads through malicious websites that victims reach mainly via search engines: the sites pose as sources of cracks, keygens and activators for pirated software, and the download they offer, while presented as the promised tool, is in fact the NullMixer dropper, which then installs the families listed below.
INDUSTRIES: Military, Industrial
MALWARE FAMILIES: Maui, Satacom, SgnitLoader, ClipBanker, DanaBot, Disbuk, Fabookie, Glupteba, NullMixer, Exodus, ShortLoader, RedLine, FormatLoader, SmokeLoader, Vidar
ATT&CK IDS: T1140 - Deobfuscate/Decode Files or Information, T1105 - Ingress Tool Transfer, T1566 - Phishing, T1036 - Masquerading, T1115 - Clipboard Data, T1059 - Command and Scripting Interpreter, T1113 - Screen Capture, T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1003 - OS Credential Dumping, T1055 - Process Injection, T1176 - Browser Extensions, T1134 - Access Token Manipulation, T1546 - Event Triggered Execution, T1056 - Input Capture, T1033 - System Owner/User Discovery, T1204 - User Execution