General

  • Target

    DOCUMENT FILE.exe

  • Size

    360KB

  • Sample

    210118-a7cxswypve

  • MD5

    fbe426a8d46b433667c3a30f38c703ab

  • SHA1

    bed53dc755559ecc8ed6a84f7efbe877937324de

  • SHA256

    847fa8413751c698b7cb1f258a4365d8e50915e4811fa916308f6b0e18cbc17d

  • SHA512

    8c22771d773da05bb36d0f4285c25b61157ad42c044d6029f98103b755b5567b2964d225fd18d9d0295bb25a002ba8c9dec9a9567862822ced0ea108f26c8956

Malware Config

Targets

    • Target

      DOCUMENT FILE.exe

    • Size

      360KB

    • MD5

      fbe426a8d46b433667c3a30f38c703ab

    • SHA1

      bed53dc755559ecc8ed6a84f7efbe877937324de

    • SHA256

      847fa8413751c698b7cb1f258a4365d8e50915e4811fa916308f6b0e18cbc17d

    • SHA512

      8c22771d773da05bb36d0f4285c25b61157ad42c044d6029f98103b755b5567b2964d225fd18d9d0295bb25a002ba8c9dec9a9567862822ced0ea108f26c8956

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks