6b37d35716224640ab1970852d0dc7d7.exe

General

Target: 6b37d35716224640ab1970852d0dc7d7.exe
Size: 357KB
Sample: 210418-m1rxclnzxx
Score: 10/10
MD5: 6b37d35716224640ab1970852d0dc7d7
SHA1: 8835646873e64ff3a6b3e4177b7ed75d8f840762
SHA256: d26a98d84423d1b79e2f01fe69e09c3fe65841ceb59c1c36b12b84aaafcb77e9
SHA512: afbdb041f9bfadd80050a2fc92cff7c99639b22acb290d97f0bf37d018123d26edf1cb2976bda72785f36da8024772318685ba8ecf95340fddc67ed6a48b0453

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Taurus Stealer
    Description: Taurus is an infostealer first seen in June 2020.

  • Taurus Stealer Payload

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System, Credentials in Files

  • Accesses 2FA software files, possible credential harvesting
    TTPs: Data from Local System, Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1