General

  • Target

    DHL Tracking info_AWB NO.cab

  • Size

    210KB

  • Sample

    210301-njapjspfsn

  • MD5

    77c3a27813fd93ebb201d65ea4dffa69

  • SHA1

    dfc44dec88197f16ee89deee1532b0496d15f05d

  • SHA256

    80616b96b75786c8f2d11eb715795f82554d29e8c56eede8526d2107dabb8ad6

  • SHA512

    15a175ee61a115ee32bb52d0388b460b4a795615b7d502a7bf0c23d36fc4b78e19b61e5d8b5e3e8c00884349f7d6a6565f06756f8bd0a4e352c43e37b9bd1132

Malware Config

Targets

    • Target

      PO# PO2021020371N.exe

    • Size

      291KB

    • MD5

      ce29efcf5510c0a9dcb38f62d50a5e8b

    • SHA1

      eb9a28d284303663ab5bbbab9e8cc7db88cf7a2f

    • SHA256

      9bec30afd640d68be28fef4e6b5abcc14d90b2c7293d7709619b8f9b9e685b7e

    • SHA512

      dee3945c894c586f1a4d42581796e1ce257cc5ec8a98368de391d664328ac7318163aff9edcd5eac9b9ab4c3b3407c2448add2d07b3863a74f513bf0541a77aa

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks