KY6mW.exe

General

Target: KY6mW.exe
Size: 940KB
Sample: 200723-skv75j6vgs
Score: 10/10
MD5: 91465c291a92591087e70caa0d4c3370
SHA1: 345fba0f611a59ddd30a8c87f793a80fbf82c50e
SHA256: ab6c220ed37a3771afb540e7b1179aea65119d6e3da91d55af7f659f61541f42
SHA512: d39d5256b4db45e8a5901a96341e2ca8e5f3dafa2b426227a1fe76f6268f8b2ca59a2c5ce332ea2f70a15287ae9a2703ca52c22dacd8beed54e0786f2b70a762

Signatures

  • Taurus Stealer
    Description: Taurus is an infostealer first seen in June 2020.

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses 2FA software files, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext

Tasks

static1

behavioral2

8/10