General

  • Target

    PO# PO2021020371N.exe

  • Size

    291KB

  • Sample

    210301-9jzyt9achs

  • MD5

    ce29efcf5510c0a9dcb38f62d50a5e8b

  • SHA1

    eb9a28d284303663ab5bbbab9e8cc7db88cf7a2f

  • SHA256

    9bec30afd640d68be28fef4e6b5abcc14d90b2c7293d7709619b8f9b9e685b7e

  • SHA512

    dee3945c894c586f1a4d42581796e1ce257cc5ec8a98368de391d664328ac7318163aff9edcd5eac9b9ab4c3b3407c2448add2d07b3863a74f513bf0541a77aa

Malware Config

Targets

    • Target

      PO# PO2021020371N.exe

    • Size

      291KB

    • MD5

      ce29efcf5510c0a9dcb38f62d50a5e8b

    • SHA1

      eb9a28d284303663ab5bbbab9e8cc7db88cf7a2f

    • SHA256

      9bec30afd640d68be28fef4e6b5abcc14d90b2c7293d7709619b8f9b9e685b7e

    • SHA512

      dee3945c894c586f1a4d42581796e1ce257cc5ec8a98368de391d664328ac7318163aff9edcd5eac9b9ab4c3b3407c2448add2d07b3863a74f513bf0541a77aa

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks