Overview

overview

10

Static

static

f3f35dcb69...b2.exe

windows7_x64

10

f3f35dcb69...b2.exe

windows10_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f3f35dcb69fca49ae55a22812770ecb2.exe

  • Size

    774KB

  • Sample

    210329-3y31tv9mha

  • MD5

    f3f35dcb69fca49ae55a22812770ecb2

  • SHA1

    eb8c95dc050978d10c05073b0d5311f86da986ed

  • SHA256

    a3d26db7812778043abdf20ad3ff5caf68be3752fcd33de75d1bea8f515ed3d2

  • SHA512

    098d6f2f768811004ef87b51074fbbd9d36ee483cce637efe1f97dae0bec1bcc7c37e737d9ddb082cd1870c7c0952b334b4dbd07a7eb2b293b7a2646a7e10632

Score
10/10
taurus_stealervidardiscoverypersistencespywarestealertrojan

Malware Config

Targets

    • Target

      f3f35dcb69fca49ae55a22812770ecb2.exe

    • Size

      774KB

    • MD5

      f3f35dcb69fca49ae55a22812770ecb2

    • SHA1

      eb8c95dc050978d10c05073b0d5311f86da986ed

    • SHA256

      a3d26db7812778043abdf20ad3ff5caf68be3752fcd33de75d1bea8f515ed3d2

    • SHA512

      098d6f2f768811004ef87b51074fbbd9d36ee483cce637efe1f97dae0bec1bcc7c37e737d9ddb082cd1870c7c0952b334b4dbd07a7eb2b293b7a2646a7e10632

    Score
    10/10
    taurus_stealervidardiscoverypersistencespywarestealertrojan

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

      trojanstealertaurus_stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks