General

  • Target

    c9b5203de5dcfcacef457d81feba5f0d.exe

  • Size

    345KB

  • Sample

    210418-h8g4xz1y1e

  • MD5

    c9b5203de5dcfcacef457d81feba5f0d

  • SHA1

    370c8b0935a60595b193d31a3779599a7d3b643c

  • SHA256

    6c5d7642a58d60f603a1931f20977219becef21e957641a250c272c3fab74b2d

  • SHA512

    7e33d238e2478413581afd237076f22ab0dc0c07c202161733e0f863e2d315b51f19c3b9a2b9dc049c3550abe234b80fde7c295c94d6432a9955965ed7a1385c

Malware Config

Targets

    • Target

      c9b5203de5dcfcacef457d81feba5f0d.exe

    • Size

      345KB

    • MD5

      c9b5203de5dcfcacef457d81feba5f0d

    • SHA1

      370c8b0935a60595b193d31a3779599a7d3b643c

    • SHA256

      6c5d7642a58d60f603a1931f20977219becef21e957641a250c272c3fab74b2d

    • SHA512

      7e33d238e2478413581afd237076f22ab0dc0c07c202161733e0f863e2d315b51f19c3b9a2b9dc049c3550abe234b80fde7c295c94d6432a9955965ed7a1385c

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile files, which hold saved credentials, cookies, autofill data and browsing history.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node and HKCU counterparts) in the registry.
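
    As an added example, not sandbox output or code from this report: a small Python matcher that reproduces the browser-data and installed-software signatures above over constructed Sysmon-style events, with a threshold so a single Uninstall-key lookup (ordinary for installers) does not fire. The event format, the benign msiexec control process and the Authy Desktop path used for the 2FA signature are assumptions; the report does not name which 2FA software the sample touched.

```python
"""Behaviour-signature matcher over constructed, Sysmon-style events.

Added example; the event layout and sample events are assumptions, not
output of the sandbox report this accompanies.
"""
import re
from collections import defaultdict

# Registry location Windows uses to list installed programs (real path; the
# WOW6432Node and HKCU variants share the same tail, which is what we match).
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\[^\\]+$", re.I)

# Chromium (Login Data, Cookies, Web Data) and Firefox (logins.json, key4.db,
# cookies.sqlite) profile files that hold credentials, cookies and autofill data.
BROWSER_FILES = re.compile(
    r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I)

# Assumed example of a 2FA store: the report does not say which software was hit.
TWOFA_FILES = re.compile(r"\\Authy Desktop\\Local Storage\\", re.I)

# Distinct Uninstall subkeys a process must query before it counts as
# enumerating installed software; one lookup is normal installer behaviour.
UNINSTALL_THRESHOLD = 3

SAMPLE = r"C:\Users\victim\Downloads\c9b5203de5dcfcacef457d81feba5f0d.exe"
MSIEXEC = r"C:\Windows\System32\msiexec.exe"  # assumed benign control process

# Constructed events: {'image': process path, 'type': 'RegistryQuery' | 'FileRead',
# 'target': registry key or file path}. Not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"image": SAMPLE, "type": "RegistryQuery",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"image": SAMPLE, "type": "RegistryQuery",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"image": SAMPLE, "type": "RegistryQuery",
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord"},
    {"image": SAMPLE, "type": "FileRead",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": SAMPLE, "type": "FileRead",
     "target": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\logins.json"},
    {"image": SAMPLE, "type": "FileRead",
     "target": r"C:\Users\victim\AppData\Roaming\Authy Desktop\Local Storage\leveldb\000003.log"},
    # A single Uninstall lookup by an installer: should stay below the threshold.
    {"image": MSIEXEC, "type": "RegistryQuery",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABCD-1234}"},
]


def match_signatures(events, threshold=UNINSTALL_THRESHOLD):
    """Return {process image: sorted list of signature names} for the events."""
    uninstall_keys = defaultdict(set)  # image -> distinct Uninstall subkeys queried
    hits = defaultdict(set)            # image -> signature names
    for ev in events:
        image, kind, target = ev["image"], ev["type"], ev["target"]
        if kind == "RegistryQuery" and UNINSTALL_KEY.search(target):
            uninstall_keys[image].add(target.lower())
        elif kind == "FileRead":
            if BROWSER_FILES.search(target):
                hits[image].add("Reads user/profile data of web browsers")
            if TWOFA_FILES.search(target):
                hits[image].add("Accesses 2FA software files, possible credential harvesting")
    for image, keys in uninstall_keys.items():
        if len(keys) >= threshold:
            hits[image].add("Checks installed software on the system")
    return {image: sorted(sigs) for image, sigs in hits.items()}


if __name__ == "__main__":
    for image, sigs in match_signatures(SAMPLE_EVENTS).items():
        print(image)
        for sig in sigs:
            print("  -", sig)
```

    Only processes with at least one hit appear in the result, so the single msiexec lookup is absent rather than reported with an empty list; raise `threshold` if a hunt across an estate turns up updaters that legitimately walk the whole Uninstall key.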

MITRE ATT&CK Enterprise v6

Tasks