General
-
Target
Prynt Stealer 7.2.2.rar
-
Size
7.8MB
-
Sample
241113-ymx4waybqg
-
MD5
a518813c6e2951820da8d982d74e079b
-
SHA1
2c33311ba0421a97f7901a2322892aef35580d26
-
SHA256
6ce374b8152c18a608e6812513f20dfd9eec26564caa58ff1cca766b3f4aacd4
-
SHA512
589da2aa8564227852f0ab00cd4eabb0a7dc50b27ea23e3dd68c30a6d6e7d6d6810bd2c57664a7ff6bf7bb56e94c6f3991ddb78f3967e50bf62a6a37abbbc6dc
-
SSDEEP
196608:W9swR3JQ65amk9zhuWK/ARbS4ookj+yNzXTff:WewRZQ65aDcWKF4uCyNzj3
Malware Config
Targets
-
-
Target
Prynt Stealer 7.2.2.rar
-
Size
7.8MB
-
MD5
a518813c6e2951820da8d982d74e079b
-
SHA1
2c33311ba0421a97f7901a2322892aef35580d26
-
SHA256
6ce374b8152c18a608e6812513f20dfd9eec26564caa58ff1cca766b3f4aacd4
-
SHA512
589da2aa8564227852f0ab00cd4eabb0a7dc50b27ea23e3dd68c30a6d6e7d6d6810bd2c57664a7ff6bf7bb56e94c6f3991ddb78f3967e50bf62a6a37abbbc6dc
-
SSDEEP
196608:W9swR3JQ65amk9zhuWK/ARbS4ookj+yNzXTff:WewRZQ65aDcWKF4uCyNzj3
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Stormkitty family
-
Async RAT payload
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1