General

  • Target: 1bd38d6f2cf073283c9b79c555f9ca0d.exe
  • Size: 344KB
  • Sample: 210418-1tyc7vs556
  • MD5: 1bd38d6f2cf073283c9b79c555f9ca0d
  • SHA1: f0f7586173b1c5ddcd4f5f9b3511945669fd7239
  • SHA256: 2d112aebd685269e3a26aaeca52f6f2691845fc13864c9fb7d463c5f6c032f66
  • SHA512: 5fd623d069118d3bb2cdac46e0c34c50d9df4a91e1559ec62d9743bfc5f5a3550e6836be0c26b647402b451ff42a388f0be6d7570ee1cec929e39bea7ae153aa

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
