General
Target: PryntStealer-Cracked.rar
Size: 3.2MB
Sample: 230805-s2n7madd97
MD5: 36733e3f323d8b99fe05a0a3b60cb806
SHA1: 03365c3bdbbf908612c693a13941d3d16bfc1201
SHA256: e4ce533707f9e1945dffa512023c4c9d4b9343a6e6218844bf8fac3e957b9260
SHA512: 999b864bb45fbf5b1ef6492321ebc089a9f9f32b2e59a063d2051e92dad30e3b450563615470a26e95444941f330015b751e5b25d3f8f432128244f4a5b6c4c8
SSDEEP: 98304:+B1c+Uz9pp6fSs52YLgatAVFrK/AyPibjWa:IMiSgXLhydK/ARbp

Behavioral task: behavioral1
Sample: PryntStealer-Cracked.rar
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: PryntStealer-Cracked.rar
Resource: win10v2004-20230703-en

Behavioral task: behavioral3
Sample: Prynt Stealer 5.6fixed.exe
Resource: win7-20230712-en

Behavioral task: behavioral4
Sample: Prynt Stealer 5.6fixed.exe
Resource: win10v2004-20230703-en

Behavioral task: behavioral5
Sample: stub/build.exe
Resource: win7-20230712-en

Behavioral task: behavioral6
Sample: stub/build.exe
Resource: win10v2004-20230703-en

Behavioral task: behavioral7
Sample: stub/stub4.5.1.exe
Resource: win7-20230712-en

Behavioral task: behavioral8
Sample: stub/stub4.5.1.exe
Resource: win10v2004-20230703-en

Behavioral task: behavioral9
Sample: stub/stub4.5.exe
Resource: win7-20230712-en

Behavioral task: behavioral10
Sample: stub/stub4.5.exe
Resource: win10v2004-20230703-en

Malware Config
Targets
Target: PryntStealer-Cracked.rar
Size: 3.2MB
MD5: 36733e3f323d8b99fe05a0a3b60cb806
SHA1: 03365c3bdbbf908612c693a13941d3d16bfc1201
SHA256: e4ce533707f9e1945dffa512023c4c9d4b9343a6e6218844bf8fac3e957b9260
SHA512: 999b864bb45fbf5b1ef6492321ebc089a9f9f32b2e59a063d2051e92dad30e3b450563615470a26e95444941f330015b751e5b25d3f8f432128244f4a5b6c4c8
SSDEEP: 98304:+B1c+Uz9pp6fSs52YLgatAVFrK/AyPibjWa:IMiSgXLhydK/ARbp
Score: 7/10
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun

Target: Prynt Stealer 5.6fixed.exe
Size: 378KB
MD5: 914c3ed0bc1e3014e15b17d87a61f7c4
SHA1: 9df55d26eb513d1916faab783c60f5b20cec8bc5
SHA256: 9a9a42bc0f7b7636a202561359da1098d2f4c45f27e80fdd062050a369e69a51
SHA512: 3ea3481377efe7b1873c7ab90719786aa2d9f82cdf75f243b27c6918280430bbee78833fba18dd5d69df3caf596c82faa481cad78aa64fdb7a6758b8b9161cde
SSDEEP: 6144:qTWgV4CTshTKxoGEflVecSEuNYnMuBAnLzuyvwWoSF45AcTG8OnXKxQmqbAQ4jeI:qTWwshTKxoGEflsFEuNYB8z1wWo4sAIx
Score: 10/10
StormKitty payload
Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Legitimate hosting services abused for malware hosting/C2

Target: stub/build.exe
Size: 250KB
MD5: efaaca4cae6d960c91f279ac977d645f
SHA1: 97f455488bef96429253dd4e24c055470780143b
SHA256: 62a71deb9d259ea7b259bbfc9a254f382a695d89702d5ba02328a67eed23c6b4
SHA512: a595ae55a0c7ffea98b0ef31b58c701d4f582ed2db01a89ce00dc9f947099cdbd3f261efccae4d68e31da70bb40c9ac947bed58fb9e9e500e02bdb5d82b55d79
SSDEEP: 6144:MDfJCTwQvNm9bQdK1FcSEuNYnMuBAnLzuyvwWoSF:sRCTwcEFEuNYB8z1wWo4
Score: 10/10
StormKitty payload
Deletes itself

Target: stub/stub4.5.1.exe
Size: 251KB
MD5: 7eea56ea4822ec3da3e86362c32e9304
SHA1: ab8a0d7fd81bb61a63c8caeb52081da2fb3e5709
SHA256: 3e383968fbdd567bb56c293837fd2965615246f40b95876a0ff954b06b34b40c
SHA512: 61bd378e682519bbfc8dd33fb83865fb9a0e36fb9b1b086593a619992fd6480791d51e4a256f67a31394c6a67db1a5a2e8ee16c3b983c4734288834f9d3a3b57
SSDEEP: 6144:gpksnd7L4+m9bQfDFcSEuNYnMuBAnLzuyvwWoSF:g2snJ51FEuNYB8z1wWo4
Score: 10/10
StormKitty payload
Deletes itself

Target: stub/stub4.5.exe
Size: 251KB
MD5: 787c59882e9b7c46a800f44f6bb56a52
SHA1: 92bfffef47597329479dd636d8aa0613740a7e6f
SHA256: 3897171f1a25fa0d42e7658b72479e2089dbb51ad36658f2481326f4a9c13544
SHA512: 282ba558ef4adf6e011233919389f5a7936b955621062fc9169eb72f83b307bdc4707fa5dec7550658ebbb097f20159e5458722c6c829840e504792ac068438e
SSDEEP: 6144:tpksnd7X45m9bQf3FcSEuNYnMuBAnLzuyvwWoSF:t2snJihFEuNYB8z1wWo4
Score: 10/10
StormKitty payload
Deletes itself