New MaaS Prysmax Launches Fully Undetectable Infostealer - CYFIRMA
Common Information
| Type | Value |
| --- | --- |
| UUID | 7af920fc-a2f1-45ef-9dd7-557c1147e0d7 |
| Fingerprint | 9438fb35a933be93 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 1, 2023, midnight |
| Added to db | Oct. 24, 2023, 1:13 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | New MaaS Prysmax Launches Fully Undetectable Infostealer |
| Title | New MaaS Prysmax Launches Fully Undetectable Infostealer - CYFIRMA |
| Detected Hints/Tags/Attributes | 85/3/18 |
Attributes
Details Type #Events CTI Value
Details Domain 1
lunarymc.xyz
Details Domain 1
jghghghgjjg.lunarymc.xyz
Details File 1
prysmax_file.exe
Details File 13
c:\windows\system32\netsh.exe
Details File 409
c:\windows\system32\cmd.exe
Details File 1209
powershell.exe
Details File 17
attack.exe
Details Windows Registry Key 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NombreDescriptivo
Details Windows Registry Key 1
HKLM\System\CurrentControlSet\Services\IKEEXT\Start
Details Windows Registry Key 1
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall
Details Windows Registry Key 1
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall
Details Windows Registry Key 1
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
Details Windows Registry Key 1
HKU\S-1-5-21-4270068108-2931534202-3907561125-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\exefile