Stealthy Malware Written in C/C++ Steals Files from Directories

Threat actors use information stealers such as "Prynt" to build complex and sophisticated attacks.

They use these stealers to take critical information from targeted organizations and individuals. The same intrusions also give attackers a foothold from which to deploy further payloads and ransomware.

Recently, cybersecurity analysts from the CYFIRMA Research Team shared a report with Cyber Security News stating that use of the Prynt information stealer is increasing. Threat actors commonly configure Prynt through a tool known as a "constructor", which lets them set the malware's options before deploying it.

Prynt Malware Scan

CYFIRMA security analysts recently collected and analyzed a sample from a public repository: an information stealer written in C/C++, compiled as a 32-bit console binary, and dubbed "Prynt".

On an infected system, Prynt has the ability to perform the following actions and steal the following critical information:-

  • Enumerate files and processes
  • Hide processes
  • Inject code into PE files
  • Steal credentials from web browsers
  • Modify the registry
  • Backdoor network communication
  • Capture screenshots
  • Steal files from targeted directories
  • Collect system information

Through reverse engineering and forensic memory analysis, the analysts identified Prynt's use of process injection. The threat actor uses this technique to inject the malicious code generated by Prynt into the legitimate AppLaunch.exe process.

Executing malicious code inside another process can give that code access to the resources of the host process, such as:-

Prynt static data

  • File: Prynt.Exe
  • Subsystem: Console
  • MD5: Bcd1e2dc3740bf5eb616e8249d1e2d9c
  • SHA1: 230f401260805638aa683280b86af2231cf73f93
  • SHA256: 04b528fa40c858bf8d49e1c78f0d9dd7e3bc824d79614244f5f104baae628f8f
  • File type: PE32 executable (console) Intel 80386, for MS Windows
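As an added example for defenders (not code from the CYFIRMA report), the helper below covers the two technical points above: it flags Sysmon Event ID 8 (CreateRemoteThread) records where an untrusted image creates a thread inside AppLaunch.exe, and it matches a file's digests against the hashes listed in the static data. The sample events and the trusted-source list are constructed assumptions for illustration.

```python
"""Detection helper: flag remote-thread creation into AppLaunch.exe and match
the Prynt sample hashes from the static data above.
Event records are modelled as dicts with Sysmon Event ID 8 field names."""
import hashlib

# Hashes from the static data above, lower-cased for comparison.
PRYNT_HASHES = {
    "md5": "bcd1e2dc3740bf5eb616e8249d1e2d9c",
    "sha1": "230f401260805638aa683280b86af2231cf73f93",
    "sha256": "04b528fa40c858bf8d49e1c78f0d9dd7e3bc824d79614244f5f104baae628f8f",
}

# Source images allowed to open threads in AppLaunch.exe (assumption; tune per estate).
TRUSTED_SOURCES = {r"c:\windows\system32\csrss.exe"}


def is_suspicious_remote_thread(event: dict) -> bool:
    """True when an Event ID 8 record shows an untrusted image creating a
    thread inside AppLaunch.exe (the injection target named in the report)."""
    if event.get("EventID") != 8:
        return False
    target = event.get("TargetImage", "").lower()
    source = event.get("SourceImage", "").lower()
    if not target.endswith(r"\applaunch.exe"):
        return False
    return source not in TRUSTED_SOURCES


def matches_prynt_hash(data: bytes) -> list:
    """Return the algorithms whose digest of `data` equals a listed indicator."""
    return [algo for algo, ioc in PRYNT_HASHES.items()
            if hashlib.new(algo, data).hexdigest() == ioc]


def suspicious_sources(events) -> list:
    """Source images of every suspicious remote-thread event, in log order."""
    return [e["SourceImage"] for e in events if is_suspicious_remote_thread(e)]


# Constructed sample telemetry (not real log data).
APPLAUNCH = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\u\Downloads\Prynt.exe", "TargetImage": APPLAUNCH},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": APPLAUNCH},
    {"EventID": 1, "Image": APPLAUNCH, "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for src in suspicious_sources(SAMPLE_EVENTS):
        print("ALERT: remote thread created in AppLaunch.exe by", src)
```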

Targets and regions of origin

Threat actors from the following geographic regions were responsible for the majority of attacks that relied on the "Prynt" information stealer:-

In these campaigns, threat actors have targeted entities from over 40 countries, and the targeted industries are:-

  • Multiline retail
  • Health care
  • Automotive
  • Government
  • Industrial conglomerates
  • IT services
  • Financial services
  • Transportation infrastructure
  • Media and entertainment
  • Oil and gas
  • Real estate
  • Food and drinks
  • Hospitality
  • Construction
  • Technology
  • Household products

Several threat actors reportedly used the Prynt information stealer along with the RedLine stealer as a way to expand the diversity of payloads used in their attacks.

Today's threat landscape is dominated by information stealers, a widespread class of malware. Threat actors use them mainly to collect system data and the sensitive data stored on the system.

Moreover, threat actors can exploit this information at a later stage to carry out ransomware or other cyberattacks.
