In order to produce complex and sophisticated attacks, information stealers such as “Prynt” are used by threat actors.
They use these stealers to steal essential information from targeted organizations and individuals. These complex attacks also enable the threat actors to deploy sophisticated payloads and ransomware.
Recently, the cybersecurity analysts at CYFIRMA Research team shared the report to Cyber Security News that the use of Prynt info stealer is on the rise. a common way in which threat actors configure Prynt is with the help of a tool known as a “builder,” so that the malware can then be configured efficiently.
Prynt Malware Analysis
A sample had been recently collected and analyzed from a public repository by the security analysts at CYFIRMA that contained an infostealer that is written in C/C++ and is a 32-bit console binary, dubbed “Prynt.”
From the infected systems, Prynt has the ability to steal the following essential information:-
- Itemizing files and processes
- Hiding the processes
- Injecting the code into PE files
- Steal credentials from web browsers
- Registry changes
- Network communication through backdoor
- Capture screenshots
- Steal files from the targeted directories
- Gathering System Information
Prynt makes use of reverse engineering and memory forensics analysis for process injection. In order to inject the malicious code generated by Prynt into the legitimate AppLaunch.exe process, the threat actor uses this sophisticated technique.
There is a possibility that running malicious code within another process may allow the malicious code to access the resources of that process, such as:-
Prynt Static Data
- File: Prynt.Exe
- Subsystem: Console
- MD5: Bcd1e2dc3740bf5eb616e8249d1e2d9c
- SHA1: 230f401260805638aa683280b86af2231cf73f93
- SHA256: 04b528fa40c858bf8d49e1c78f0d9dd7e3bc824d79614244f5f104baae628f8f File Type: PE32 Executable (Console) Intel 80386, For MS Windows
Targets & Originating Regions
Threat actors from the following geographical regions have been primarily responsible for the majority of the attacks that relied on “Prynt” info stealer:-
- North Korea
In these campaigns, the threat actors targeted entities from more than 40 nations, and the industries targeted are:-
- Multiline Retail
- Health Care
- Industrial Conglomerates
- IT Services
- Financial Services
- Transpiration Infrastructure
- Media & Entertainment
- Oil and Gas
- Real Estate
- Food & Beverages
- Household Product
Several Threat Actors have reportedly been using the Prynt infostealer together with RedLine stealer as a means to enlarge the diversity of the payloads used in their attacks.
The current threat landscape is dominated by information stealers, which are widely prevalent forms of malware. Threat actors use the info stealers mainly to steal system data and the sensitive data stored on it.
Further, this information can be exploited by threat actors to conduct ransomware or other cyber attacks at a later stage.
Cyber Attack with Zero Trust Networking – Download Free E-Book