They use these stealers to steal essential information from targeted organizations and individuals. These complex attacks also enable the threat actors to deploy sophisticated payloads and ransomware.
Recently, cybersecurity analysts at the CYFIRMA Research team identified that the use of the Prynt info stealer is on the rise.
Threat actors commonly configure Prynt with the help of a tool known as a “builder,” which lets them set up the malware efficiently.
Running malicious code within another process may allow that code to access the resources of that process, such as:-
Prynt Static Data
- File: Prynt.Exe
- Subsystem: Console
- MD5: bcd1e2dc3740bf5eb616e8249d1e2d9c
- SHA1: 230f401260805638aa683280b86af2231cf73f93
- SHA256: 04b528fa40c858bf8d49e1c78f0d9dd7e3bc824d79614244f5f104baae628f8f
- File Type: PE32 executable (console) Intel 80386, for MS Windows
Targets & Originating Regions
Threat actors from the following geographical regions have been primarily responsible for the majority of the attacks that relied on “Prynt” info stealer:-
- North Korea
In these campaigns, the threat actors targeted entities from more than 40 nations, and the industries targeted are:-
- Multiline Retail
- Health Care
- Industrial Conglomerates
- IT Services
- Financial Services
- Transportation Infrastructure
- Media & Entertainment
- Oil and Gas
- Real Estate
- Food & Beverages
- Household Product
Several threat actors have reportedly been using the Prynt infostealer together with the RedLine stealer to diversify the payloads used in their attacks.
The current threat landscape is dominated by information stealers, which are widely prevalent forms of malware. Threat actors use the infostealers mainly to steal system data and the sensitive data stored on it.
Further, this information can be exploited by threat actors to conduct ransomware or other cyber attacks at a later stage.