General

  • Target: Rizon.zip
  • Size: 20.5MB
  • Sample: 240702-v52y1axfpp
  • MD5: 8c3bbb4348d1408f12b8fe4d75398b7b
  • SHA1: c0cd2a196964e5f932c3670643970dc80a8f514b
  • SHA256: 2ab37b5f413b11a0cfb8082a72082e1c778cf614e7c43942736e0dd9a5299588
  • SHA512: ff07d5d78620e2631233e2f876b0c17c7ef6047b717fa72042f36cb3aa190ba2a8432a5f25a6aed78e833127d996cd6d9af669f06e644c2f59ab28d58bd39a21
  • SSDEEP: 393216:r3whnpvx5TDkehmEWjo/my96+LOGTqQTVP3GAT/+SYHhyJArv2lEu0mr:8hpvxhQ+mEWJEV3GpvHh3rvcECr

Malware Config

Targets

  • Target: Rizon/Rizon/Rizon.exe
  • Size: 20.7MB
  • MD5: 21d57087e62acc09039f16af474716e8
  • SHA1: 162a46eb8678acc0be6ffcdafd21e559dad613ea
  • SHA256: f9a6caf403de4d2bda34278c63521130da245c5bd0930cfd19e121f1c4890f92
  • SHA512: b96a980f7e8762a4b0f2ce7d9c41f1eed2e9cb0f762de928d16adf2596de5f17acf966458cc3e2e606a9a6850d6c4459f393938e8b947645f3e001c51ad1db9f
  • SSDEEP: 393216:EqPnLFXlrPkQvyRTDOETgsnWUxcGFOgB0OpMYW0LqbpZvWSns:lPLFXNcQvyAEb04UJ0LkZvK

  Signatures matched for this target:

  • Loads dropped DLL
  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.
  • UPX packed file
    Detects executables packed with UPX or a modified build of the UPX open-source packer.
  • Adds Run key to start application
  • Legitimate hosting services abused for malware hosting/C2
  • Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                             ID          Count
  Persistence            Boot or Logon Autostart Execution     T1547       1
  Persistence            Registry Run Keys / Startup Folder    T1547.001   1
  Persistence            Event Triggered Execution             T1546       1
  Persistence            Netsh Helper DLL                      T1546.007   1
  Privilege Escalation   Boot or Logon Autostart Execution     T1547       1
  Privilege Escalation   Registry Run Keys / Startup Folder    T1547.001   1
  Privilege Escalation   Event Triggered Execution             T1546       1
  Privilege Escalation   Netsh Helper DLL                      T1546.007   1
  Defense Evasion        Modify Registry                       T1112       2
  Credential Access      Unsecured Credentials                 T1552       1
  Credential Access      Credentials In Files                  T1552.001   1
  Collection             Data from Local System                T1005       1
  Command and Control    Web Service                           T1102       1
