General

  • Target

    99dde9da29c6910dd9773b2ef68a8876.exe

  • Size

    358KB

  • Sample

    210418-excgqw1cga

  • MD5

    99dde9da29c6910dd9773b2ef68a8876

  • SHA1

    55a0a12e629ee950c40571696addd5c187077e16

  • SHA256

    0d9b7c9cd4ffb270fd1db3a421dbb657811fc34bf3437517e8e574131839c42b

  • SHA512

    f6134d951b37064250b35a3f6be95e904e6187ac8582d18616afc09783d1644c76c30ed7101797c68eaff47f1fa6b5268e63cb6d1c05d07eddd7d269c5879635

Malware Config

Targets

    • Target

      99dde9da29c6910dd9773b2ef68a8876.exe

    • Size

      358KB

    • MD5

      99dde9da29c6910dd9773b2ef68a8876

    • SHA1

      55a0a12e629ee950c40571696addd5c187077e16

    • SHA256

      0d9b7c9cd4ffb270fd1db3a421dbb657811fc34bf3437517e8e574131839c42b

    • SHA512

      f6134d951b37064250b35a3f6be95e904e6187ac8582d18616afc09783d1644c76c30ed7101797c68eaff47f1fa6b5268e63cb6d1c05d07eddd7d269c5879635

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks