General

  • Target

    Prysmax Stealer v4.0 @blackcrackr.exe

  • Size

    170KB

  • MD5

    e4eade6663d96a8bf0e8bcbb55478eba

  • SHA1

    77bf17584d26f1e3050916b60adb6ec2dadc4a12

  • SHA256

    03a3b480a717c57dc876d668d6be89ecf2f75c1c50fc0660ee5b6350dd3e9494

  • SHA512

    92e5eca1f7e074c6856d17d958a78092694c6b2e3f4c2d6ef2983ce08a0fb8b2e244bace82a52c07a2ed5972205775c2509ac969fbcb55747fdd3f3e3266cb1e

  • SSDEEP

    3072:++STW8djpN6izj8mZwdJqutB+YDpqIPu/i9bVK2c7qi6+Wp7:j8XN6W8mmHPtppXPSi9b4

Malware Config

Extracted

  • Family

    asyncrat

  • Botnet

    Default

  • C2

    127.0.0.1:6606

    127.0.0.1:7707

    127.0.0.1:8808

    https://api.telegram.org/bot5800603586:AAEQALtYjWlWxGJKxTd_tkViM_h_6KdEMT0/sendMessage?chat_id=5901231421

  • Mutex

    AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • StormKitty payload 1 IoCs
  • Stormkitty family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Prysmax Stealer v4.0 @blackcrackr.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744