General

  • Target

    1f7e656cf2ef6e41eecacd7f9fdd258b.exe

  • Size

    358KB

  • Sample

    210418-fd4nnf9dan

  • MD5

    1f7e656cf2ef6e41eecacd7f9fdd258b

  • SHA1

    bba474e9cfc5d0c44ef61e61bfdf963c2a575cb3

  • SHA256

    50bd910698476cea1b75d0290d60445b8e6afb51e4fc1dbef0d11b16ef799357

  • SHA512

    bb602cad813ef031d35295da25164f3b483a079fe2b90cc88a5e1bb73b02a2832f314778fe4d0d9baa7be562183cc32e094911b918e8a68fba007d8043f3bae0

Malware Config

Targets

    • Target

      1f7e656cf2ef6e41eecacd7f9fdd258b.exe

    • Suspicious use of NtCreateProcessExOtherParentProcess

      A process was created through NtCreateProcessEx with a parent handle that is not the calling process (parent PID spoofing), so the process tree no longer reflects the real creator.

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, autofill entries and browsing history read from the user's profile directory.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate software installed on the system.
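
      The browser profile reads and the Uninstall-key enumeration attributed to this sample above leave a recognisable trace in a process monitor log. The following is an added example, not part of the sandbox report or of its signature set: it parses constructed Procmon-style CSV events (illustrative, not taken from this run) and flags any process that queries three or more distinct Uninstall subkeys or opens a known browser credential store. The event layout, the threshold of three products and the list of store file names are assumptions chosen for the example.

```python
"""Added example: flag software enumeration via the Uninstall key and
browser credential-store access in Procmon-style event lines.
Not part of the sandbox report; event data below is constructed."""
import csv
import re
from collections import defaultdict
from typing import List, NamedTuple

# Constructed events (assumption: Procmon CSV export with the columns
# time, pid, operation, path, result). PID 4120 mimics the report's
# behaviours; PID 1234 is benign background noise.
SAMPLE_EVENTS = r"""
12:00:01.001,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
12:00:01.002,4120,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
12:00:01.003,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName,SUCCESS
12:00:01.004,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName,SUCCESS
12:00:01.005,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName,SUCCESS
12:00:01.010,4120,CreateFile,C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data,SUCCESS
12:00:01.011,4120,ReadFile,C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data,SUCCESS
12:00:01.012,4120,CreateFile,C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json,SUCCESS
12:00:02.000,1234,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName,SUCCESS
12:00:02.100,1234,CreateFile,C:\Users\bob\Documents\notes.txt,SUCCESS
"""

# Uninstall key under HKLM or HKCU, 32-bit view included; group 1 is the
# per-product subkey, so a bare open of the Uninstall key itself is not counted.
UNINSTALL_KEY = re.compile(
    r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Chromium and Firefox credential/cookie stores (assumed list, extend as needed).
BROWSER_STORES = re.compile(
    r"\\(?:Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)


class Event(NamedTuple):
    time: str
    pid: int
    op: str
    path: str
    result: str


class Finding(NamedTuple):
    pid: int
    kind: str
    detail: List[str]


def parse_events(text: str) -> List[Event]:
    """Parse the five-column CSV layout into Event records, skipping blank lines."""
    rows = csv.reader(line for line in text.splitlines() if line.strip())
    return [Event(t, int(pid), op, path, res) for t, pid, op, path, res in rows]


def analyse(events: List[Event], min_distinct_products: int = 3) -> List[Finding]:
    """Return one finding per process for each behaviour observed.

    software_enumeration: the process read values under at least
    min_distinct_products different Uninstall subkeys (a single lookup is
    normal installer behaviour, a sweep is inventory collection).
    browser_credential_access: the process opened or read a browser
    credential or cookie store.
    """
    products = defaultdict(set)   # pid -> Uninstall subkeys touched
    stores = defaultdict(set)     # pid -> credential-store paths touched
    for ev in events:
        if ev.op.startswith("Reg"):
            m = UNINSTALL_KEY.match(ev.path)
            if m:
                products[ev.pid].add(m.group(1))
        elif ev.op in ("CreateFile", "ReadFile") and BROWSER_STORES.search(ev.path):
            stores[ev.pid].add(ev.path)

    findings = []
    for pid, names in sorted(products.items()):
        if len(names) >= min_distinct_products:
            findings.append(Finding(pid, "software_enumeration", sorted(names)))
    for pid, paths in sorted(stores.items()):
        findings.append(Finding(pid, "browser_credential_access", sorted(paths)))
    return findings


if __name__ == "__main__":
    for f in analyse(parse_events(SAMPLE_EVENTS)):
        print(f"pid {f.pid}: {f.kind}")
        for item in f.detail:
            print("   ", item)
```

      Run against a real Procmon export, the threshold keeps a single DisplayName lookup by an installer from firing, while a stealer's sweep of every product subkey is reported once per process; the credential-store rule fires on a single open, since there is no benign reason for a process other than the browser itself to touch those files.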

MITRE ATT&CK Enterprise v6

Tasks