General

  • Target

    cfa6f2082f8765e489c59290f1b1ef31.exe

  • Size

    357KB

  • Sample

    210418-3qaqm6r3bs

  • MD5

    cfa6f2082f8765e489c59290f1b1ef31

  • SHA1

    dbe9a5f1e7b6f333e8872c2233beb795396ea130

  • SHA256

    47b53753c746c7f218f59e32ebdf9e563d50a0eaab3e35c04e6a8e986eeebe36

  • SHA512

    dd58406efecac7433185ad293f4d2a33a5572e1a6bb4c9d57bb805e694c771b9e11e83a1b3bbd7f8adcf5b2e02a40839a7734871df396780ac8a9d612b3919b7

Malware Config

Targets

    • Target

      cfa6f2082f8765e489c59290f1b1ef31.exe

    • Size

      357KB

    • MD5

      cfa6f2082f8765e489c59290f1b1ef31

    • SHA1

      dbe9a5f1e7b6f333e8872c2233beb795396ea130

    • SHA256

      47b53753c746c7f218f59e32ebdf9e563d50a0eaab3e35c04e6a8e986eeebe36

    • SHA512

      dd58406efecac7433185ad293f4d2a33a5572e1a6bb4c9d57bb805e694c771b9e11e83a1b3bbd7f8adcf5b2e02a40839a7734871df396780ac8a9d612b3919b7

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks