General
-
Target
f3f35dcb69fca49ae55a22812770ecb2.exe
-
Size
774KB
-
Sample
210329-3y31tv9mha
-
MD5
f3f35dcb69fca49ae55a22812770ecb2
-
SHA1
eb8c95dc050978d10c05073b0d5311f86da986ed
-
SHA256
a3d26db7812778043abdf20ad3ff5caf68be3752fcd33de75d1bea8f515ed3d2
-
SHA512
098d6f2f768811004ef87b51074fbbd9d36ee483cce637efe1f97dae0bec1bcc7c37e737d9ddb082cd1870c7c0952b334b4dbd07a7eb2b293b7a2646a7e10632
Malware Config
Targets
-
-
Target
f3f35dcb69fca49ae55a22812770ecb2.exe
-
Size
774KB
-
MD5
f3f35dcb69fca49ae55a22812770ecb2
-
SHA1
eb8c95dc050978d10c05073b0d5311f86da986ed
-
SHA256
a3d26db7812778043abdf20ad3ff5caf68be3752fcd33de75d1bea8f515ed3d2
-
SHA512
098d6f2f768811004ef87b51074fbbd9d36ee483cce637efe1f97dae0bec1bcc7c37e737d9ddb082cd1870c7c0952b334b4dbd07a7eb2b293b7a2646a7e10632
Score10/10-
Taurus Stealer
Taurus is an infostealer first seen in June 2020.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-