taurus_stealer | 5aac756ea6972d035e0d7c5d33867a621aef20e723e30eb57af2b42c05233964 | Triage

Sharing

General

Target

ce29efcf5510c0a9dcb38f62d50a5e8b.zip
Size

219KB
Sample

210301-4cqdkp82k2
MD5

b68045eabd46d5c2239c29bbac638908
SHA1

bd0ec8c3f986bdf9760316dd0eeb2f05918244f4
SHA256

5aac756ea6972d035e0d7c5d33867a621aef20e723e30eb57af2b42c05233964
SHA512

ab64376c4cd2e84ba5724817fa347016652001eb82e436fa1a198ebba2aa6263e805c1e585354ebc16a1c47079c84639d3c6cd941f5d2f211ac873a519f45201

Score

10^/10

taurus_stealer discovery spyware stealer trojan

Malware Config

Targets

- Target
  
  9bec30afd640d68be28fef4e6b5abcc14d90b2c7293d7709619b8f9b9e685b7e
- Size
  
  291KB
- MD5
  
  ce29efcf5510c0a9dcb38f62d50a5e8b
- SHA1
  
  eb9a28d284303663ab5bbbab9e8cc7db88cf7a2f
- SHA256
  
  9bec30afd640d68be28fef4e6b5abcc14d90b2c7293d7709619b8f9b9e685b7e
- SHA512
  
  dee3945c894c586f1a4d42581796e1ce257cc5ec8a98368de391d664328ac7318163aff9edcd5eac9b9ab4c3b3407c2448add2d07b3863a74f513bf0541a77aa
Score

10^/10

taurus_stealer discovery spyware stealer trojan
- Taurus Stealer
  Taurus is an infostealer first seen in June 2020.
  trojan stealer taurus_stealer
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

taurus_stealerdiscoveryspywarestealertrojan

behavioral2

discoveryspywarestealer