General

  • Target

    frank_2021-02-22_02-03.exe

  • Size

    347KB

  • Sample

    210222-6k12vrznte

  • MD5

    5ae9b47fd2a505049a7f6f405f6f512c

  • SHA1

    fe53ef52e27877450865d074ef2f3e67e2af2ca3

  • SHA256

    708c8e26689e83a82460bfcf611f78eaf39ee6e77e12c23ea012489deb57e72c

  • SHA512

    677ea2876ddf6ba738e7eee769c100264b4eaf850ffbf92dba531d1b0351b43ac235c70500bacea8ddd502aefc133ffa0330e855ca3a9eeb35cac300dfca4ec5

Malware Config

Targets

    • Target

      frank_2021-02-22_02-03.exe

    • Size

      347KB

    • MD5

      5ae9b47fd2a505049a7f6f405f6f512c

    • SHA1

      fe53ef52e27877450865d074ef2f3e67e2af2ca3

    • SHA256

      708c8e26689e83a82460bfcf611f78eaf39ee6e77e12c23ea012489deb57e72c

    • SHA512

      677ea2876ddf6ba738e7eee769c100264b4eaf850ffbf92dba531d1b0351b43ac235c70500bacea8ddd502aefc133ffa0330e855ca3a9eeb35cac300dfca4ec5

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks