Static

static

KY6mW.exe

windows7_x64

10

KY6mW.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    KY6mW.exe

  • Size

    940KB

  • Sample

    200723-skv75j6vgs

  • MD5

    91465c291a92591087e70caa0d4c3370

  • SHA1

    345fba0f611a59ddd30a8c87f793a80fbf82c50e

  • SHA256

    ab6c220ed37a3771afb540e7b1179aea65119d6e3da91d55af7f659f61541f42

  • SHA512

    d39d5256b4db45e8a5901a96341e2ca8e5f3dafa2b426227a1fe76f6268f8b2ca59a2c5ce332ea2f70a15287ae9a2703ca52c22dacd8beed54e0786f2b70a762

Score
10/10
taurus_stealerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      KY6mW.exe

    • Size

      940KB

    • MD5

      91465c291a92591087e70caa0d4c3370

    • SHA1

      345fba0f611a59ddd30a8c87f793a80fbf82c50e

    • SHA256

      ab6c220ed37a3771afb540e7b1179aea65119d6e3da91d55af7f659f61541f42

    • SHA512

      d39d5256b4db45e8a5901a96341e2ca8e5f3dafa2b426227a1fe76f6268f8b2ca59a2c5ce332ea2f70a15287ae9a2703ca52c22dacd8beed54e0786f2b70a762

    Score
    10/10
    taurus_stealerpersistencespywarestealertrojan

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

      trojanstealertaurus_stealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks