General
-
Target
Rizon.zip
-
Size
20.5MB
-
Sample
240702-v52y1axfpp
-
MD5
8c3bbb4348d1408f12b8fe4d75398b7b
-
SHA1
c0cd2a196964e5f932c3670643970dc80a8f514b
-
SHA256
2ab37b5f413b11a0cfb8082a72082e1c778cf614e7c43942736e0dd9a5299588
-
SHA512
ff07d5d78620e2631233e2f876b0c17c7ef6047b717fa72042f36cb3aa190ba2a8432a5f25a6aed78e833127d996cd6d9af669f06e644c2f59ab28d58bd39a21
-
SSDEEP
393216:r3whnpvx5TDkehmEWjo/my96+LOGTqQTVP3GAT/+SYHhyJArv2lEu0mr:8hpvxhQ+mEWJEV3GpvHh3rvcECr
Behavioral task
behavioral1
Sample
Rizon/Rizon/Rizon.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
Rizon/Rizon/Rizon.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
Rizon/Rizon/Rizon.exe
-
Size
20.7MB
-
MD5
21d57087e62acc09039f16af474716e8
-
SHA1
162a46eb8678acc0be6ffcdafd21e559dad613ea
-
SHA256
f9a6caf403de4d2bda34278c63521130da245c5bd0930cfd19e121f1c4890f92
-
SHA512
b96a980f7e8762a4b0f2ce7d9c41f1eed2e9cb0f762de928d16adf2596de5f17acf966458cc3e2e606a9a6850d6c4459f393938e8b947645f3e001c51ad1db9f
-
SSDEEP
393216:EqPnLFXlrPkQvyRTDOETgsnWUxcGFOgB0OpMYW0LqbpZvWSns:lPLFXNcQvyAEb04UJ0LkZvK
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)