PsiXBot

Description

(Fox-IT) The malware first surfaced in 2017 but has recently undergone significant developments of its core and modules, which include the logging of keystrokes and stealing of Outlook and browser credentials. With these new developments done and the first large scale distributions observed in the wild, PsiXBot has officially made its debut in the malware ecosystem.

The commands currently supported are: • Download • DownloadAndExecute • Execute • GetInstalledSoft • GetKeylogs • GetOutlook • GetProcessesList • GetScreenShot • GetSteallerCookies • GetSteallerPasswords • StartAndroidModule • StartBTC • StartComplexModule • StartKeylogger • StartNewComplexModule • StartSchedulerModule • StopProcess

Names

Name
PsiXBot
PsiX

Category

Malware

Type

• Backdoor
• Keylogger
• Credential stealer
• Info stealer
• Downloader
• Miner

Information

• https://blog.fox-it.com/2019/03/27/psixbot-the-evolution-of-a-modular-net-bot/
• https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.psix

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:psixbot

Other Information

Uuid

9fe9b905-2db4-49c2-81c1-4112c720f893

Last Card Change

2022-12-28