Prynt – Stealthy Malware Written in C/C++ Steal Directories, Credentials Using Process Injection

In Cybersecurity News - Original News Source is by Blog Writer

Post Sharing
In order to produce complex and sophisticated attacks, information stealers such as “Prynt” are used by threat actors.

They use these stealers to steal essential information from targeted organizations and individuals. These complex attacks also enable the threat actors to deploy sophisticated payloads and ransomware.

Recently, the cybersecurity analysts at CYFIRMA Research team identified that the use of Prynt info stealer is on the rise.

A common way in which threat actors configure Prynt is with the help of a tool known as a “builder,” so that the malware can then be configured efficiently.

There is a possibility that running malicious code within another process may allow the malicious code to access the resources of that process, such as:-

  • Memory
  • System
  • Network

Prynt Static Data

  • File: Prynt.Exe
  • Subsystem: Console
  • MD5: Bcd1e2dc3740bf5eb616e8249d1e2d9c
  • SHA1: 230f401260805638aa683280b86af2231cf73f93
  • SHA256: 04b528fa40c858bf8d49e1c78f0d9dd7e3bc824d79614244f5f104baae628f8f File Type: PE32 Executable (Console) Intel 80386, For MS Windows

Targets & Originating Regions

Threat actors from the following geographical regions have been primarily responsible for the majority of the attacks that relied on “Prynt” info stealer:-

  • Russia
  • China
  • North Korea

In these campaigns, the threat actors targeted entities from more than 40 nations, and the industries targeted are:-

  • Multiline Retail
  • Health Care
  • Automotives
  • Government
  • Industrial Conglomerates
  • IT Services
  • Financial Services
  • Transpiration Infrastructure
  • Media & Entertainment
  • Oil and Gas
  • Real Estate
  • Food & Beverages
  • Hospitality
  • Construction
  • Technology
  • Household Product

Several Threat Actors have reportedly been using the Prynt infostealer together with RedLine stealer as a means to enlarge the diversity of the payloads used in their attacks.

The current threat landscape is dominated by information stealers, which are widely prevalent forms of malware. Threat actors use the infostealers mainly to steal system data and the sensitive data stored on it.

Further, this information can be exploited by threat actors to conduct ransomware or other cyber attacks at a later stage.