General

  • Target

    PryntStealer-Cracked.zip

  • Size

    3.2MB

  • Sample

    230331-f6d61aaa9s

  • MD5

    36733e3f323d8b99fe05a0a3b60cb806

  • SHA1

    03365c3bdbbf908612c693a13941d3d16bfc1201

  • SHA256

    e4ce533707f9e1945dffa512023c4c9d4b9343a6e6218844bf8fac3e957b9260

  • SHA512

    999b864bb45fbf5b1ef6492321ebc089a9f9f32b2e59a063d2051e92dad30e3b450563615470a26e95444941f330015b751e5b25d3f8f432128244f4a5b6c4c8

  • SSDEEP

    98304:+B1c+Uz9pp6fSs52YLgatAVFrK/AyPibjWa:IMiSgXLhydK/ARbp

Targets

    • Target

      Bunifu.Licensing.dll

    • Size

      1.2MB

    • MD5

      1a45c5f35d5a5b3bf94f01caae45a641

    • SHA1

      678428c593a7b168803766264e4fe44fab253700

    • SHA256

      3410caef0cb538e883b3e4a2ef8bc26c1aeb7d07206021cf31f3382d5cdecba1

    • SHA512

      3f8b7179cc68fdcb33b474b0c9295ffa13454d4eafd4a769332be21fac4fcbf30e69f1b76bc2fa0a818d972c90001fa4bf9272ef7e333205cdfa5008e035a579

    • SSDEEP

      24576:4AECFfBu6lsgu8la4AfrCN/s3IEiZfy/bbxqt72l6oQkwi:FfxyIla4lN2liQ/bYtg6iwi

    • Score

      1/10

    • Target

      Bunifu.UI.WinForms.BunifuButton.dll

    • Size

      108KB

    • MD5

      3e60d71b66fb974045fb8dae1baef617

    • SHA1

      7078e2779f8c8d0a594c985ff7ca2e65cabaed6b

    • SHA256

      ca17918d71b6375a30990979e8f025aaef2764e06a908210be0b665dfbf7f8d0

    • SHA512

      fc991a823c39ec6fffdea6193dc3f687af907e36768dc09a733d95d3bb575e8d7ead2b434e94be35fff7bb625a71f3de499c186897f15fa489ebd9d8b65f0327

    • SSDEEP

      3072:bci6D+NfJoqK3E6f2ih0xdGzFpzUHgmvE9ZshCcU7P0tbSInIKm:o+NfJoqK3E6f2ih0xdGzFpzUHgmvEQC5

    • Score

      1/10

    • Target

      Bunifu.UI.WinForms.BunifuCheckBox.dll

    • Size

      103KB

    • MD5

      db530e9b3be4232a474e201798975c3b

    • SHA1

      3be4c26c7841f2e6d0310eef3a1e1730fc2e33ef

    • SHA256

      a1bfdfb908aecd1495e78789640b39982801800848abf202bd8f4a538a8e2d85

    • SHA512

      b5cad7da8cf0de850da761de0c2a12efe3de3a6ef80232847ded224dec931f0f2e24da6579900153b1c23a8dab8e982f54f73043c51827aad6378464ad1af150

    • SSDEEP

      1536:V+ISJunQdWxsOQ8TmoeW9B6Ylw9oGMtWUNVLeOT+b:V+ISJuncWKVWbxlPDNVLeOE

    • Score

      1/10

    • Target

      Bunifu.UI.WinForms.BunifuGradientPanel.dll

    • Size

      61KB

    • MD5

      3d622700dc3bcafe8d024c9db5498e2b

    • SHA1

      05195f9aae925b79dcc50abf33b2e19b99979d21

    • SHA256

      ec894ea254b16af35edce401678cb079036a98103550c9384ce99669abe21a31

    • SHA512

      6044f3d3f46e8514a46514b5bcbc82591b1af448591efadd017d31e0c59701df4fc530fa68d60ac05f6557c5507b971a94597928ac6752310414cd44452797e0

    • SSDEEP

      768:KtOa8cFoOYwmObnyWL5xQn/5C6/f5ia2z67ipZdhPOYjgsfHM9oizKgJHIM:Kt9jrbLUBC6H5XM6OpZdh2cxsO+ToM

    • Score

      1/10

    • Target

      Bunifu.UI.WinForms.BunifuLabel.dll

    • Size

      421KB

    • MD5

      e65106de1d954a8ba99dba7fdc3757ab

    • SHA1

      459c0bab697f3ac7b444464d3dffaf87adf0b9a8

    • SHA256

      2c8f73e8f50125bb05f3951bd84de284e99f723102de08aa612e2abd77d170ab

    • SHA512

      f8b643b4a5af93c9d8fdf8011e44592fcddf7b1a09335426222ebe5299cffb30015b8c5aff7c33b4897b33005a6c4d6b6123cc5add4a7c21d81acd53e8069e93

    • SSDEEP

      6144:Fx0YWWd9jDKErgWc0uk+SyLmXFbP2DJFKFyyPBYVN:FIEcWc0WLmVA8BYj

    • Score

      1/10

    • Target

      Bunifu.UI.WinForms.BunifuPanel.dll

    • Size

      43KB

    • MD5

      c9b870d649ca008152c8a5f70c26f00f

    • SHA1

      aa34ac78f4a8740efce16960e7e35e860e212f49

    • SHA256

      2f11a4fafa78fe89a49d6f954a46cb80548d3faaace84ec5faac06ceffbcd191

    • SHA512

      d5a9061801b4b97c842aeb8d453118e8f7f2dfff499403d44ac667171de4e4652c245ff02ff0a7f9e1012b952e70fdffca546de4d4a03909206789d35972cb76

    • SSDEEP

      768:xn5riyVbhpxzlpiTLt2VL6NtnP1X/22b0w8XhlA9vVtmTCBwJItnhrgEZz/h+K2T:RiTJ2l6NtP1X/22b0w8XhlA9vVtmTCBS

    • Score

      1/10

    • Target

      Bunifu.UI.WinForms.BunifuPictureBox.dll

    • Size

      37KB

    • MD5

      fd6e28c44ab0bb05721034aa10e5e5c7

    • SHA1

      2c52c3925b7b3f9bb17fcf32ee7daadd275fdf81

    • SHA256

      df1d1a4399138a002883caeb326cb23fa95b5ec4a18a1abbc725166155a299d0

    • SHA512

      bf8bb42cce6713bdae6a70f30ba3e889f6d63ab1e92336fddc890cedf33c3cf17f06114c301eeb0b552384af3a2ca0b64ad8920f7a266bed0b6b690b710b74e9

    • SSDEEP

      768:RDM5qd07rjIiE27vDrAoNookVPzQ8fosMs3eeq9iKH69izKgjAe+:KE27vPAoNookdQ1iLq9Rm+RA/

    • Score

      1/10

    • Target

      Bunifu.UI.WinForms.BunifuShadowPanel.dll

    • Size

      46KB

    • MD5

      e44f7f9aeb04fecb92bf963f9bd742ee

    • SHA1

      321a74d31a77ec72ba150414ad882c6837a4adc0

    • SHA256

      143ffc7dcab05060e40b8942f6c2fc1df621befda482c66f0ef0b4ccc5944315

    • SHA512

      2cbf4e0bd3c92565d1116dbaaf57df3caece3373d376f404356bd7ab718e7589ce4703d7000bdee8f2748e92a36027ff5da17d79c85867e420236d596c89beea

    • SSDEEP

      768:M6PCKB5UZ2SIZbidOzVDrJsQ4l1BwmUy6fRXLvKcU8knpoBTliQVD35/HS1GzsQo:MsJJB4TBwmUy6fRXLvKD8knQL5fS1csL

    • Score

      1/10

    • Target

      Bunifu.UI.WinForms.BunifuTextbox.dll

    • Size

      113KB

    • MD5

      7571e9840eb07d2e31a88f650fc63350

    • SHA1

      590898ae191816dc1249bbcabd839b493b1870b7

    • SHA256

      8d7c6fe2b9b5793c7ab885885bace64f1ee8deaeba4d431a8b697266b63ba19a

    • SHA512

      c0a9ccdc9401cbcb68126837666839209957c8009e9271f6f1f9e195b67e67a7b3b1b86cb977244081bbec85f1d3f06182ce36e72b9425d9849e95ee0b036b36

    • SSDEEP

      1536:lrETKZN2tUFNZltyJcatoMuZJrxHxhAedJxD+0NK:lrETKPa+7rUPQJrhx6wJx1w

    • Score

      1/10

    • Target

      DragAssembly.dll

    • Size

      4KB

    • MD5

      3032d055fca0a8565a01d936f8846638

    • SHA1

      07876039c5cdba41560fd1445088dca759a2a324

    • SHA256

      353e542e6cca204e960675b9afb1ef7ada3194dcf65a7a939464501df2e20b0c

    • SHA512

      0f4aa304a9d5bb91f42b6c2777a105518e2fbb715f88a8b285a951f8ee1f635283d7b77e0f76f8683510f04cac9e2cf9e051eca5c4b98af9e6e81a0fe0573be2

    • SSDEEP

      96:48llZV12bcgjeMZDxnbspltThvRPYO3XII:9llglDxbsnBhvT/

    • Score

      1/10

    • Target

      Mono.Cecil.Mdb.dll

    • Size

      42KB

    • MD5

      1c6aca0f1b1fa1661fc1e43c79334f7c

    • SHA1

      ec0f591a6d12e1ea7dc8714ec7e5ad7a04ef455d

    • SHA256

      411f8ed8c49738fa38a56ed8f991d556227d13602e83186e66ae1c4f821c940b

    • SHA512

      1c59e939d108f15881d29fe4ced4e5fa4a4476394b58b6eb464da77192cb8fe9221b7cd780af4596914d4cce7c3fc53f1bb567f944c58829de8efbe1fd87be76

    • SSDEEP

      768:Ar5EYZep98C87KHeBUZwrEzsEAnbF+em50KktmM4CRIcZwMRTIzMAtpw:Ar59g98C87KHeBUb5AnZG+zdwMRTzAtS

    • Score

      1/10

    • Target

      Mono.Cecil.Pdb.dll

    • Size

      87KB

    • MD5

      6d5eb860c2be5dbeb470e7d3f3e7dda4

    • SHA1

      80c76660b87c52127b1a7da48e27700f75362041

    • SHA256

      447ede1984bb4acd73bd97c0ec57a11c079cee8301c91fb199ca98c1906d3cc4

    • SHA512

      64cf4fe7de68a35720d2b9338ba9cf182e127d95d72d2ccf7ff5c73a368133663e70c988a460825fa87b2d03717a4447948d5262f56aceb7c3bf1cb3ab5a41a5

    • SSDEEP

      1536:2OCAsdBo+am5OMwr5IlALYKXgAJGsZhTjrjvjCXeO:ZCjta0OMuIlArVJGqT/jveXeO

    • Score

      1/10

    • Target

      Mono.Cecil.Rocks.dll

    • Size

      27KB

    • MD5

      6e7f0f4fff6c49e3f66127c23b7f1a53

    • SHA1

      14a529f8c7ee9f002d1e93dcf8ff158ab74c7e1a

    • SHA256

      2e2623319bdc362974a78ea4a43f4893011ec257884d24267f4594142fcd436e

    • SHA512

      0c773da6717dd6919cd6241d3cee26ab00bb61ea2dbeff24844a067af4c87ff5cbdb2fe3ada5db4707cee921b3fb353bd12ee22b8490597d4f67ad39bace235e

    • SSDEEP

      384:70ve8JOuJ5iC7n2NwxEXCni+VXcMeDz8PmR1ugLoaeuLMBG9UphJAprjE3uFLHa9:7+m4iCyrXOhG8uRssveum1pMFLHFBvd

    • Score

      1/10

    • Target

      Mono.Cecil.dll

    • Size

      350KB

    • MD5

      de69bb29d6a9dfb615a90df3580d63b1

    • SHA1

      74446b4dcc146ce61e5216bf7efac186adf7849b

    • SHA256

      f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

    • SHA512

      6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

    • SSDEEP

      6144:jIevdbLPNYe8bikm98KXPHhOWY/fFREomhUFD3z:se1PNL+QRfBg/f/EWFD

    • Score

      1/10

    • Target

      Prynt Stealer 5.6fixed.exe

    • Size

      378KB

    • MD5

      914c3ed0bc1e3014e15b17d87a61f7c4

    • SHA1

      9df55d26eb513d1916faab783c60f5b20cec8bc5

    • SHA256

      9a9a42bc0f7b7636a202561359da1098d2f4c45f27e80fdd062050a369e69a51

    • SHA512

      3ea3481377efe7b1873c7ab90719786aa2d9f82cdf75f243b27c6918280430bbee78833fba18dd5d69df3caf596c82faa481cad78aa64fdb7a6758b8b9161cde

    • SSDEEP

      6144:qTWgV4CTshTKxoGEflVecSEuNYnMuBAnLzuyvwWoSF45AcTG8OnXKxQmqbAQ4jeI:qTWwshTKxoGEflsFEuNYB8z1wWo4sAIx

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Target

      Siticone.UI.dll

    • Size

      1.3MB

    • MD5

      750c58af2e56b6addecffcf152520ab8

    • SHA1

      14995e7f1d12498606d9d209d78d55fe6fd87802

    • SHA256

      27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

    • SHA512

      2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

    • SSDEEP

      24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb

    • Score

      1/10

    • Target

      stub/DotNetZip.dll

    • Size

      448KB

    • MD5

      6d1c62ec1c2ef722f49b2d8dd4a4df16

    • SHA1

      1bb08a979b7987bc7736a8cfa4779383cb0ecfa6

    • SHA256

      00da1597d92235d3f84da979e2fa5dbf049bafb52c33bd6fc8ee7b29570c124c

    • SHA512

      c0dce8eaa52eb6c319d4be2eec4622bb3380c65b659cfb77ff51a4ada7d3e591e791ee823dad67b5556ffac5c060ff45d09dd1cc21baaf70ba89806647cb3bd2

    • SSDEEP

      6144:FuCIjOL8qwWN/jMlC/XiapWSu9vnITVxGtSV41kJDsTDD5rlGe6wfxLV/7:dZLJLdvOSsnjS4csBrge6sf7

    • Score

      1/10

    • Target

      stub/DotNetZip_.dll

    • Size

      448KB

    • MD5

      6d1c62ec1c2ef722f49b2d8dd4a4df16

    • SHA1

      1bb08a979b7987bc7736a8cfa4779383cb0ecfa6

    • SHA256

      00da1597d92235d3f84da979e2fa5dbf049bafb52c33bd6fc8ee7b29570c124c

    • SHA512

      c0dce8eaa52eb6c319d4be2eec4622bb3380c65b659cfb77ff51a4ada7d3e591e791ee823dad67b5556ffac5c060ff45d09dd1cc21baaf70ba89806647cb3bd2

    • SSDEEP

      6144:FuCIjOL8qwWN/jMlC/XiapWSu9vnITVxGtSV41kJDsTDD5rlGe6wfxLV/7:dZLJLdvOSsnjS4csBrge6sf7

    • Score

      1/10

    • Target

      stub/build.exe

    • Size

      250KB

    • MD5

      efaaca4cae6d960c91f279ac977d645f

    • SHA1

      97f455488bef96429253dd4e24c055470780143b

    • SHA256

      62a71deb9d259ea7b259bbfc9a254f382a695d89702d5ba02328a67eed23c6b4

    • SHA512

      a595ae55a0c7ffea98b0ef31b58c701d4f582ed2db01a89ce00dc9f947099cdbd3f261efccae4d68e31da70bb40c9ac947bed58fb9e9e500e02bdb5d82b55d79

    • SSDEEP

      6144:MDfJCTwQvNm9bQdK1FcSEuNYnMuBAnLzuyvwWoSF:sRCTwcEFEuNYB8z1wWo4

    • Score

      10/10

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      stub/stub4.5.1.exe

    • Size

      251KB

    • MD5

      7eea56ea4822ec3da3e86362c32e9304

    • SHA1

      ab8a0d7fd81bb61a63c8caeb52081da2fb3e5709

    • SHA256

      3e383968fbdd567bb56c293837fd2965615246f40b95876a0ff954b06b34b40c

    • SHA512

      61bd378e682519bbfc8dd33fb83865fb9a0e36fb9b1b086593a619992fd6480791d51e4a256f67a31394c6a67db1a5a2e8ee16c3b983c4734288834f9d3a3b57

    • SSDEEP

      6144:gpksnd7L4+m9bQfDFcSEuNYnMuBAnLzuyvwWoSF:g2snJ51FEuNYB8z1wWo4

    • Score

      10/10

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      stub/stub4.5.exe

    • Size

      251KB

    • MD5

      787c59882e9b7c46a800f44f6bb56a52

    • SHA1

      92bfffef47597329479dd636d8aa0613740a7e6f

    • SHA256

      3897171f1a25fa0d42e7658b72479e2089dbb51ad36658f2481326f4a9c13544

    • SHA512

      282ba558ef4adf6e011233919389f5a7936b955621062fc9169eb72f83b307bdc4707fa5dec7550658ebbb097f20159e5458722c6c829840e504792ac068438e

    • SSDEEP

      6144:tpksnd7X45m9bQf3FcSEuNYnMuBAnLzuyvwWoSF:t2snJihFEuNYB8z1wWo4

    • Score

      10/10

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 6
