taurus_stealer | ab6c220ed37a3771afb540e7b1179aea65119d6e3da91d55af7f659f61541f42 | Triage

Sharing

General

Target

KY6mW.exe
Size

940KB
Sample

200723-skv75j6vgs
MD5

91465c291a92591087e70caa0d4c3370
SHA1

345fba0f611a59ddd30a8c87f793a80fbf82c50e
SHA256

ab6c220ed37a3771afb540e7b1179aea65119d6e3da91d55af7f659f61541f42
SHA512

d39d5256b4db45e8a5901a96341e2ca8e5f3dafa2b426227a1fe76f6268f8b2ca59a2c5ce332ea2f70a15287ae9a2703ca52c22dacd8beed54e0786f2b70a762

Score

10^/10

taurus_stealer persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  KY6mW.exe
- Size
  
  940KB
- MD5
  
  91465c291a92591087e70caa0d4c3370
- SHA1
  
  345fba0f611a59ddd30a8c87f793a80fbf82c50e
- SHA256
  
  ab6c220ed37a3771afb540e7b1179aea65119d6e3da91d55af7f659f61541f42
- SHA512
  
  d39d5256b4db45e8a5901a96341e2ca8e5f3dafa2b426227a1fe76f6268f8b2ca59a2c5ce332ea2f70a15287ae9a2703ca52c22dacd8beed54e0786f2b70a762
Score

10^/10

taurus_stealer persistence spyware stealer trojan
- Taurus Stealer
  Taurus is an infostealer first seen in June 2020.
  trojan stealer taurus_stealer
- Executes dropped EXE
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

taurus_stealerpersistencespywarestealertrojan

behavioral2