NullMixer: oodles of Trojans in a single dropper

【ブログ】

◆NullMixer: oodles of Trojans in a single dropper (SecureList(Kaspersky), 2022/09/26)
[NullMixer: 大量のトロイの木馬を1つのドロッパーに凝縮]
https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/

【関連情報】

◆PCを大量のマルウェアに感染させるドロッパー「NullMixer」の威力とは？ (マイナビニュース, 2022/09/27 19:31)
https://news.mynavi.jp/techplus/article/20220927-2464117/
⇒ https://malware-log.hatenablog.com/entry/2022/09/27/000000_1

◆NullMixer (まとめ)
https://malware-log.hatenablog.com/entry/NullMixer

【インディケータ情報】

■ハッシュ情報(MD5) - ColdStealer -

06B31367D65A411B1F2A7B3091FB31D4
584B186152A16161E502816BF990747C
C41A85123AF144790520F502FE190110

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - CsdiMonetize -

5B14369C347439BECACAA0883C07F17B
7E58613DDB2FDD10EED17BBCE5B3E0A9
883403C940B477CEE083EFEEA8C252C6
98F0556A846F223352DA516AF66FA1A0
CEADA3798FD16FAC13F053D0C6F4D198

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - DanaBot -

D91325640F392D33409B8F1B2315B97C

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - Disbuk -

3739256794EBF9BA8C6597A4687C8799
FBD3940D1AD28166D8539EAE23D44D5B

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - Downloader.Bitser -

AAEFF1F8E7BD3A81C69C472BCD211A7B

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - Downloader.INNO -

E65BF2D56FCAA18C1A8D0D481072DC62

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - Fabookie -

33F7383C2EB9B20E11E6A149AA62DEA4
79400B1FD740D9CB7EC7C2C2E9A7D618

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - FormatLoader -

B8ECEC542A07067A193637269973C2E8

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - GCleaner -

42100BAF34C4B1B0E89F1C2EF94CF8F8

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - Generic.ClipBanker -

4D75DEA49F6BD60F725FAE9C28CD0960

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - LgoogLoader -

CC722FD0BD387CF472350DC2DD7DDD1E
4008D7F17A08EFD3FBD18E4E1BA29E00
B2A2F85B4201446B23A250F68051B4DC

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - NullMixer -

4EC312D77817D8FB90403FF87B88D5E3
12DBC75B071077042C097AFD59B2137F
F94BF1734F34665A65A835CC04A4AD95

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - PrivateLoader -

362592241E15293C68D0F24468723BBB
7875AAB3E23F885DF12FF62D9EF5DB50

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - PseudoManuscrypt -

B0448525C5A00135BB5B658CC6745574
D5C1C44D19D8D6E8C0F739CAB439E45E

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - Racealer -

4FEBA8683DAA18545E9F9408E4CD07BD

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - RedLine -

446119332738133D3ECD2D00EBE5D0EC
5994DE41D8B4ED3BBB4F870A33CB839A
9F8800BF866E944EFB2034EC56ED574E
AC458CABFED224353545707DF966A2BA
AF817AAD791628143019FFDE530D0EF7

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - Satacom -

2086E25FB651F0A8D713024DE2168B9B

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - SgnitLoader -

B2620FFE40493FDF9E771BFF3BDCBC44
4DD3F638D4C370ABEB3EBF59CAD8ED2F

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - ShortLoader -

CE54B9287C3E4B5733035D0BE085D989

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - SmokeLoader -

9F1EAA0FF990913F7D4DFD31841DE47A

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■ハッシュ情報(MD5) - Vidar -

639DE55E338BFCEA8DAAE727141AF3D1

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■url情報 - Malicious ULRs -

hxxps://azilominehostz.xyz/
hxxps://patchlinks.com/
hxxp://137.184.159.42/
hxxp://185.186.142.166/wallet.exe
hxxps://dll1.stdcdn.com/
hxxp://tg8.cllgxx.com/hp8/g1/yrpp1047.exe
hxxp://eurekabike.com/pmzero/design/img/LightCleaner9252839.exe
hxxps://i.xyzgamei.com/gamexyz/2201/random.exe
hxxp://www.sxhxrj.com/askhelp35/askinstall35.exe
hxxps://presstheme.me/
hxxp://remviagra.com/pub1.exe
hxxp://privacy-tools-for-you-782.com/downloads/toolspab2.exe
hxxps://cdn.discordapp.com/attachments/917889480646590537/935966171835031612/Cube_WW6.exe
hxxp://onlinehueplet.com/77_1.exe
hxxps://cdn.discordapp.com/attachments/934006169125679147/943432754161410108/WW19.exe
hxxp://privacy-tools-for-you-791.com/downloads/toolspab1.exe
hxxps://cdn.discordapp.com/attachments/917889480646590537/943130993404018709/Fixtools.exe
hxxp://stylesheet.faseaegasdfase.com/hp8/g1/rtst1051.exe
hxxp://104.168.215.231/kde.exe
hxxp://careerguide4u.online/wp-content/plugins/google-analytics-for-wordpress/BlackCleanerSetp521234.exe
hxxps://i.xyzgamei.com/gamexyz/2203/random.exe
hххp://zenitsu.s3.pl-waw.scw.cloud/pub-summoning/poweroff.exe
hххps://tengenuzui.s3.pl-waw.scw.cloud/makio/cpm_pr_vp46up4d6j_.exe
hххps://tengenuzui.s3.pl-waw.scw.cloud/makio/updto_bgn64wau5x_date.exe
hххps://tengenuzui.s3.pl-waw.scw.cloud/makio/handler_wbba4vzm89rxskhs.exe
hxxps://i.xyzgamei.com/gamexyz/25/random.exe
hххps://v.xyzgamev.com/25.html
hххps://v.xyzgamev.com/login.html
hxxp://jackytpload.su/campaign6/autosubplayer.exe
hxxps://gc-distribution.biz/pub.php?pub=five
hxxp://www.sxhxrj.com/askhelp42/askinstall42.exe
hxxps://flexnetinformatica.com.br/wp-content/plugins/elementor/assets/LightCleaner2132113.exe
hxxp://stylesheet.faseaegasdfase.com\/hp8/g1/siww1053.exe
hxxps://source3.boys4dayz.com/installer.exe
hxxps://signaturebusinesspark.com/360/fw3.exe
hxxps://signaturebusinesspark.com/360/fw4.exe
hxxps://signaturebusinesspark.com/360/fw6.exe
hxxps://cdn.discordapp.com/attachments/937783814208491553/937784072967692368/SecondFile.exe
hххps://v.xyzgamev.com/23.html
hххps://v.xyzgamev.com/login.html

(以上は Kaspersky の情報: 引用元は https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/ )

■url情報 - Malware C&Cs -

178.62.113[.]205/runtermo
185.163.204[.]22/runtermo
185.163.45[.]70/runtermo
185.186.142[.]166
185.215.113[.]10
185.38.142[.]132
212.193.30[.]21/base/api/
212.193.30[.]45/proxies.txt
5.9.224[.]217
92.255.57[.]115
ads-memory[.]biz
all-mobile-pa1ments.com[.]mx
all-smart-green[.]com
am1420wbec[.]com/upload/
appwebstat[.]biz
banhamm[.]com
buy-fantasy-fo0tball.com[.]sg
buy-fantasy-gmes.com[.]sg
connectini[.]net
dll1.stdcdn[.]com
dollybuster[.]at/upload/
egsagl[.]com/upload/
enter-me[.]xyz
fennsports[.]com/upload/
file-coin-host-12[.]com
ginta[.]link
hhiuew33[.]com/check/safe
host-data-coin-11[.]com
islamic-city[.]com/upload/
mordo[.]ru/upload/
nahbleiben[.]at/upload/
noblecreativeaz[.]com/upload/
one-wedding-film[.]com
piratia-life[.]ru/upload/
presstheme[.]me
real-enter-solutions[.]xyz
recmaster[.]ru/upload/
remik-franchise[.]ru/upload/
reoseio[.]com
signaturebusinesspark[.]com
sovels[.]ru/upload/
spaldingcompanies[.]com/upload/
toa.mygametoa[.]com
topexpertshop[.]com
topniemannpicksh0p[.]cc
tvqaq[.]cn/upload/
whsddzs[.]com/Home/Index/djksye