NullMixer drops Redline Stealer, SmokeLoader and other malware

NullMixer is a dropper that starts an infection chain delivering a wide variety of malware families. It spreads via malicious websites that are found mainly through search engines. These websites are often related to cracks, keygens and activators for downloading software illegally; while they may pose as legitimate software downloads, what they actually deliver is a malware dropper.

INDUSTRIES: Military, Industrial

MALWARE FAMILIES: Maui, Satacom, SgnitLoader, ClipBanker, DanaBot, Disbuk, Fabookie, Glupteba, NullMixer, Exodus, ShortLoader, RedLine, FormatLoader, SmokeLoader, Vidar

ATT&CK IDS: T1140 - Deobfuscate/Decode Files or Information, T1105 - Ingress Tool Transfer, T1566 - Phishing, T1036 - Masquerading, T1115 - Clipboard Data, T1059 - Command and Scripting Interpreter, T1113 - Screen Capture, T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1003 - OS Credential Dumping, T1055 - Process Injection, T1176 - Browser Extensions, T1134 - Access Token Manipulation, T1546 - Event Triggered Execution, T1056 - Input Capture, T1033 - System Owner/User Discovery, T1204 - User Execution
