PsiX (Malware Family)

PsiX

aka: PsiXBot

According to Matthew Mesa, this is a modular bot. The name stems from the string PsiXMainModule in binaries until mid of September 2018.

In binaries, apart from BotModule and MainModule, references to the following Modules have be observed:
BrowserModule
BTCModule
ComplexModule
KeyLoggerModule
OutlookModule
ProcessModule
RansomwareModule
SkypeModule

References

2022-08-08 ⋅ Medium CSIS Techblog ⋅ Benoît Ancel
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure
Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader

2020-11-03 ⋅ Comodo ⋅ Comodo
Versions of PsiXBot
PsiX

2019-09-06 ⋅ Proofpoint ⋅ Proofpoint Threat Insight Team
PsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module
PsiX

2019-09-05 ⋅ Twitter (@seckle_ch) ⋅ Daniel Stirnimann
Tweet on DoH
PsiX

2019-08-12 ⋅ Proofpoint ⋅ Proofpoint Threat Insight Team
PsiXBot Continues to Evolve with Updated DNS Infrastructure
PsiX

2019-03-27 ⋅ Fox-IT ⋅ Antonio Parata, Stefano Antenucci
PsiXBot: The Evolution Of A Modular .NET Bot
PsiX

2018-08-30 ⋅ Twitter (@mesa_matt) ⋅ Matthew Mesa
Tweet on PsiX
PsiX

There is no Yara-Signature yet.

PsiX Propose Change

References

PsiX