General

  • Target

    PryntStealer-Cracked.rar

  • Size

    3.2MB

  • Sample

    230805-s2n7madd97

  • MD5

    36733e3f323d8b99fe05a0a3b60cb806

  • SHA1

    03365c3bdbbf908612c693a13941d3d16bfc1201

  • SHA256

    e4ce533707f9e1945dffa512023c4c9d4b9343a6e6218844bf8fac3e957b9260

  • SHA512

    999b864bb45fbf5b1ef6492321ebc089a9f9f32b2e59a063d2051e92dad30e3b450563615470a26e95444941f330015b751e5b25d3f8f432128244f4a5b6c4c8

  • SSDEEP

    98304:+B1c+Uz9pp6fSs52YLgatAVFrK/AyPibjWa:IMiSgXLhydK/ARbp

Targets

    • Target

      PryntStealer-Cracked.rar

    • Size

      3.2MB

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Target

      Prynt Stealer 5.6fixed.exe

    • Size

      378KB

    • MD5

      914c3ed0bc1e3014e15b17d87a61f7c4

    • SHA1

      9df55d26eb513d1916faab783c60f5b20cec8bc5

    • SHA256

      9a9a42bc0f7b7636a202561359da1098d2f4c45f27e80fdd062050a369e69a51

    • SHA512

      3ea3481377efe7b1873c7ab90719786aa2d9f82cdf75f243b27c6918280430bbee78833fba18dd5d69df3caf596c82faa481cad78aa64fdb7a6758b8b9161cde

    • SSDEEP

      6144:qTWgV4CTshTKxoGEflVecSEuNYnMuBAnLzuyvwWoSF45AcTG8OnXKxQmqbAQ4jeI:qTWwshTKxoGEflsFEuNYB8z1wWo4sAIx

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      stub/build.exe

    • Size

      250KB

    • MD5

      efaaca4cae6d960c91f279ac977d645f

    • SHA1

      97f455488bef96429253dd4e24c055470780143b

    • SHA256

      62a71deb9d259ea7b259bbfc9a254f382a695d89702d5ba02328a67eed23c6b4

    • SHA512

      a595ae55a0c7ffea98b0ef31b58c701d4f582ed2db01a89ce00dc9f947099cdbd3f261efccae4d68e31da70bb40c9ac947bed58fb9e9e500e02bdb5d82b55d79

    • SSDEEP

      6144:MDfJCTwQvNm9bQdK1FcSEuNYnMuBAnLzuyvwWoSF:sRCTwcEFEuNYB8z1wWo4

    Score
    10/10
    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Deletes itself

    • Target

      stub/stub4.5.1.exe

    • Size

      251KB

    • MD5

      7eea56ea4822ec3da3e86362c32e9304

    • SHA1

      ab8a0d7fd81bb61a63c8caeb52081da2fb3e5709

    • SHA256

      3e383968fbdd567bb56c293837fd2965615246f40b95876a0ff954b06b34b40c

    • SHA512

      61bd378e682519bbfc8dd33fb83865fb9a0e36fb9b1b086593a619992fd6480791d51e4a256f67a31394c6a67db1a5a2e8ee16c3b983c4734288834f9d3a3b57

    • SSDEEP

      6144:gpksnd7L4+m9bQfDFcSEuNYnMuBAnLzuyvwWoSF:g2snJ51FEuNYB8z1wWo4

    Score
    10/10
    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Deletes itself

    • Target

      stub/stub4.5.exe

    • Size

      251KB

    • MD5

      787c59882e9b7c46a800f44f6bb56a52

    • SHA1

      92bfffef47597329479dd636d8aa0613740a7e6f

    • SHA256

      3897171f1a25fa0d42e7658b72479e2089dbb51ad36658f2481326f4a9c13544

    • SHA512

      282ba558ef4adf6e011233919389f5a7936b955621062fc9169eb72f83b307bdc4707fa5dec7550658ebbb097f20159e5458722c6c829840e504792ac068438e

    • SSDEEP

      6144:tpksnd7X45m9bQf3FcSEuNYnMuBAnLzuyvwWoSF:t2snJihFEuNYB8z1wWo4

    Score
    10/10
    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Deletes itself
