General
-
Target
6b37d35716224640ab1970852d0dc7d7.exe
-
Size
357KB
-
Sample
210418-m1rxclnzxx
-
MD5
6b37d35716224640ab1970852d0dc7d7
-
SHA1
8835646873e64ff3a6b3e4177b7ed75d8f840762
-
SHA256
d26a98d84423d1b79e2f01fe69e09c3fe65841ceb59c1c36b12b84aaafcb77e9
-
SHA512
afbdb041f9bfadd80050a2fc92cff7c99639b22acb290d97f0bf37d018123d26edf1cb2976bda72785f36da8024772318685ba8ecf95340fddc67ed6a48b0453
Malware Config
Targets
-
-
Target
6b37d35716224640ab1970852d0dc7d7.exe
-
Size
357KB
-
MD5
6b37d35716224640ab1970852d0dc7d7
-
SHA1
8835646873e64ff3a6b3e4177b7ed75d8f840762
-
SHA256
d26a98d84423d1b79e2f01fe69e09c3fe65841ceb59c1c36b12b84aaafcb77e9
-
SHA512
afbdb041f9bfadd80050a2fc92cff7c99639b22acb290d97f0bf37d018123d26edf1cb2976bda72785f36da8024772318685ba8ecf95340fddc67ed6a48b0453
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Taurus Stealer
Taurus is an infostealer first seen in June 2020.
-
Taurus Stealer Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-