General

  • Target

    Risxn_Extreme_v3.exe

  • Size

    5.9MB

  • Sample

    240602-x7n62acd4s

  • MD5

    d6c43a25deadc9a9418ff973b7732bf9

  • SHA1

    32fbb6255b828af8eee9034f370e74a89c23ce52

  • SHA256

    8f2e7b62fa509bd0fc3f4e22abbe817109672c3a192c243983cb00549e61daff

  • SHA512

    de61c68c551c5a61c4cc1056b67bf842d9a7218838c46d3d14177bb76cb0de6006caf8185f39e4f08047f0830bf9da1be444f0af149ceb9c25454a2bb2fbc552

  • SSDEEP

    98304:UrDEvMhjdqi65sn6Wfz7pnxCMJk1JTxuZ3zEgyOFRynh6iIrkrR88gpnjeqGZ:UrDx4DOYMJeJT44xnh6TrCR8ny5Z

Malware Config

Targets

    • Target

      Risxn_Extreme_v3.exe

    • Size

      5.9MB

    • MD5

      d6c43a25deadc9a9418ff973b7732bf9

    • SHA1

      32fbb6255b828af8eee9034f370e74a89c23ce52

    • SHA256

      8f2e7b62fa509bd0fc3f4e22abbe817109672c3a192c243983cb00549e61daff

    • SHA512

      de61c68c551c5a61c4cc1056b67bf842d9a7218838c46d3d14177bb76cb0de6006caf8185f39e4f08047f0830bf9da1be444f0af149ceb9c25454a2bb2fbc552

    • SSDEEP

      98304:UrDEvMhjdqi65sn6Wfz7pnxCMJk1JTxuZ3zEgyOFRynh6iIrkrR88gpnjeqGZ:UrDx4DOYMJeJT44xnh6TrCR8ny5Z

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks