Behavioral task
behavioral1
Sample
Prysmax Stealer v4.0 @blackcrackr.exe
Resource
win7-20230831-en
General
-
Target
Prysmax Stealer v4.0 @blackcrackr.exe
-
Size
170KB
-
MD5
e4eade6663d96a8bf0e8bcbb55478eba
-
SHA1
77bf17584d26f1e3050916b60adb6ec2dadc4a12
-
SHA256
03a3b480a717c57dc876d668d6be89ecf2f75c1c50fc0660ee5b6350dd3e9494
-
SHA512
92e5eca1f7e074c6856d17d958a78092694c6b2e3f4c2d6ef2983ce08a0fb8b2e244bace82a52c07a2ed5972205775c2509ac969fbcb55747fdd3f3e3266cb1e
-
SSDEEP
3072:++STW8djpN6izj8mZwdJqutB+YDpqIPu/i9bVK2c7qi6+Wp7:j8XN6W8mmHPtppXPSi9b4
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot5800603586:AAEQALtYjWlWxGJKxTd_tkViM_h_6KdEMT0/sendMessage?chat_id=5901231421
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Signatures
-
Async RAT payload 1 IoCs
resource yara_rule sample asyncrat -
Asyncrat family
-
StormKitty payload 1 IoCs
resource yara_rule sample family_stormkitty -
Stormkitty family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Prysmax Stealer v4.0 @blackcrackr.exe
Files
-
Prysmax Stealer v4.0 @blackcrackr.exe.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 167KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ