taurus | 2713778531071a2f5e9d1166b2e55ed95afeaaa7b839bd504c7453448f583cee

Analysis

Target

777e7861b422ef1f95ab21140b165507.exe
Size

344KB
MD5

777e7861b422ef1f95ab21140b165507
SHA1

3d8352d71ea8b7d815f49793534f2c0c4976f324
SHA256

2713778531071a2f5e9d1166b2e55ed95afeaaa7b839bd504c7453448f583cee
SHA512

a80e5c4a8797b730416d2e651891aa1e5f6b5f3c4b0561eacdd3da178ece2d5d2ddd58b2a41c918a82fb65b7bef7a9ddc3c090c572e2466ca153552a89a3fa5b

Score

10^/10

Taurus Stealer
Taurus is an infostealer first seen in June 2020.
trojan stealer taurus

Taurus Stealer Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/296-61-0x00000000003C0000-0x00000000003F8000-memory.dmp	family_taurus_stealer
behavioral1/memory/296-62-0x0000000000400000-0x0000000000483000-memory.dmp	family_taurus_stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses 2FA software files, possible credential harvesting 2 TTPs
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\777e7861b422ef1f95ab21140b165507.exe
"C:\Users\Admin\AppData\Local\Temp\777e7861b422ef1f95ab21140b165507.exe"
1⤵
PID:296

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/296-60-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/296-61-0x00000000003C0000-0x00000000003F8000-memory.dmp

Filesize
224KB

Download
memory/296-62-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download