General

Target: PO comfirmation.gz
Size: 214KB
Sample: 210222-nxrgt7k2hj
MD5: 56443028e0c91e5c420b166877fffae0
SHA1: dba2d241a690a63f23727f7a7ceb21dc7f24dc2e
SHA256: 579303b7a0f24a0ec6510f2a1037b25eb1e18ba69b3997a788eb8f5641d7d8f4
SHA512: 5c3ef52a48f41b2bc66862ddaf9532ba1ca14bbc58e6a456ab03ddcff9341a767707ab1fb013496436991a7878d70fd64dcd701f7272a9d6ed69ed356e9dc2ad
Static task: static1
Behavioral task: behavioral1
Sample: frank_2021-02-22_02-03.exe
Resource: win7v20201028
Malware Config

Targets

The hashes under General are for the submitted .gz container; the executable extracted from it and run in the behavioral task is listed here, so both sets of hashes are worth indexing when hunting.

Target: frank_2021-02-22_02-03.exe
Size: 347KB
MD5: 5ae9b47fd2a505049a7f6f405f6f512c
SHA1: fe53ef52e27877450865d074ef2f3e67e2af2ca3
SHA256: 708c8e26689e83a82460bfcf611f78eaf39ee6e77e12c23ea012489deb57e72c
SHA512: 677ea2876ddf6ba738e7eee769c100264b4eaf850ffbf92dba531d1b0351b43ac235c70500bacea8ddd502aefc133ffa0330e855ca3a9eeb35cac300dfca4ec5
Score: 10/10

Deletes itself
The sample removes its own executable from disk after running. Self-deletion is a common anti-forensic step that hinders later collection of the original file from the victim host.

Reads user/profile data of web browsers
Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill entries.

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate installed software on the system.

Suspicious use of SetThreadContext
SetThreadContext rewrites the register state of another thread. Benign software rarely needs to call it on a thread in a different process; doing so is a characteristic step of process hollowing and similar code-injection techniques.
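The four signatures above are each derivable from an API trace. The following is an added example, not code from the sandbox or from this report: it runs simple rules over a constructed, simplified event list and reports which process triggered which signature. The event schema (pid, image, api, arg, target_pid), the process names, paths and PIDs are all assumptions made for this example and do not describe the sandbox's real export format or this sample's actual trace.

```python
"""Signature matcher for a constructed API trace (added example, not sandbox code).

Flags the behaviours listed in the report: Uninstall-key enumeration,
browser profile reads, self-deletion, and SetThreadContext aimed at a
thread in another process. The event schema and sample data below are
assumptions for this example, not a real sandbox export.
"""
import re
from collections import defaultdict

# Constructed sample trace; paths, process names and PIDs are invented.
EVENTS = [
    {"pid": 100, "image": r"C:\Users\user\frank.exe", "api": "RegOpenKeyExW",
     "arg": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "target_pid": 100},
    {"pid": 100, "image": r"C:\Users\user\frank.exe", "api": "RegEnumKeyExW",
     "arg": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", "target_pid": 100},
    {"pid": 100, "image": r"C:\Users\user\frank.exe", "api": "NtCreateFile",
     "arg": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data", "target_pid": 100},
    {"pid": 100, "image": r"C:\Users\user\frank.exe", "api": "NtCreateFile",
     "arg": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd.default\logins.json", "target_pid": 100},
    {"pid": 100, "image": r"C:\Users\user\frank.exe", "api": "CreateProcessW",
     "arg": r"C:\Windows\System32\svchost.exe", "target_pid": 200},
    {"pid": 100, "image": r"C:\Users\user\frank.exe", "api": "SetThreadContext",
     "arg": "", "target_pid": 200},
    {"pid": 100, "image": r"C:\Users\user\frank.exe", "api": "CreateProcessW",
     "arg": r'cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\user\frank.exe"', "target_pid": 300},
    # Benign activity from another process: must not trigger any signature.
    {"pid": 400, "image": r"C:\Windows\explorer.exe", "api": "NtCreateFile",
     "arg": r"C:\Users\user\Documents\notes.txt", "target_pid": 400},
    {"pid": 400, "image": r"C:\Windows\explorer.exe", "api": "SetThreadContext",
     "arg": "", "target_pid": 400},  # same process: not the injection pattern
]

# Registry path of the Uninstall key under either hive, any subkey depth.
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# Chrome and Firefox profile directories under the user's AppData.
BROWSER_DATA = re.compile(
    r"\\AppData\\(Local\\Google\\Chrome\\User Data|Roaming\\Mozilla\\Firefox\\Profiles)\\",
    re.IGNORECASE,
)
REG_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW",
            "NtOpenKey", "NtEnumerateKey"}
FILE_APIS = {"NtCreateFile", "NtOpenFile", "CreateFileA", "CreateFileW", "CopyFileW"}
DELETE_APIS = {"DeleteFileA", "DeleteFileW", "NtDeleteFile"}


def match_signatures(events):
    """Return {signature_name: sorted list of PIDs that triggered it}."""
    hits = defaultdict(set)
    for ev in events:
        pid, api, arg = ev["pid"], ev["api"], ev.get("arg", "")
        image = ev["image"].lower()

        if api in REG_APIS and UNINSTALL_KEY.search(arg):
            hits["checks_installed_software"].add(pid)

        if api in FILE_APIS and BROWSER_DATA.search(arg):
            hits["reads_browser_profile_data"].add(pid)

        # Direct deletion of the caller's own image ...
        if api in DELETE_APIS and arg.lower() == image:
            hits["deletes_itself"].add(pid)
        # ... or the classic delayed delete via a spawned cmd.exe "del" command.
        if api == "CreateProcessW" and image in arg.lower() and re.search(r"\bdel\b", arg, re.IGNORECASE):
            hits["deletes_itself"].add(pid)

        # SetThreadContext on a thread that belongs to a different process.
        if api == "SetThreadContext" and ev.get("target_pid") != pid:
            hits["suspicious_setthreadcontext"].add(pid)

    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in sorted(match_signatures(EVENTS).items()):
        print(f"{name}: pids {pids}")
```

The self-deletion rule deliberately checks both a direct delete of the caller's own image and a spawned "del" command that names it, because a running executable cannot unlink itself on Windows and droppers therefore delegate the delete to a child cmd.exe after a short delay.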