General
-
Target
ed8a7ffec56f450a365e758012db092883bbd23565f3f.exe
-
Size
784KB
-
Sample
210325-ltl31c3mes
-
MD5
1d963f2296c5363f16dff1165cb8e413
-
SHA1
15f699a8a754a937081a27ab75d4a793b82993e6
-
SHA256
ed8a7ffec56f450a365e758012db092883bbd23565f3f9fbb004c189fb703de3
-
SHA512
a76bf1f1398800ee0a09088d42dc38ce2d42b66e24a8cb4c97f1c055702483193467b562740c808106fa813614425304993f16e9a101e1e8202deec4ef65e2be
Malware Config
Targets
-
-
Target
ed8a7ffec56f450a365e758012db092883bbd23565f3f.exe
-
Size
784KB
-
MD5
1d963f2296c5363f16dff1165cb8e413
-
SHA1
15f699a8a754a937081a27ab75d4a793b82993e6
-
SHA256
ed8a7ffec56f450a365e758012db092883bbd23565f3f9fbb004c189fb703de3
-
SHA512
a76bf1f1398800ee0a09088d42dc38ce2d42b66e24a8cb4c97f1c055702483193467b562740c808106fa813614425304993f16e9a101e1e8202deec4ef65e2be
Score10/10-
Taurus Stealer
Taurus is an infostealer first seen in June 2020.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-