General

  • Target

    60580df56a0acf9033a460559bd5330b.exe

  • Size

    357KB

  • Sample

    210418-qzxlpscx9j

  • MD5

    60580df56a0acf9033a460559bd5330b

  • SHA1

    5414b1e9da7a8009afaf982b94c5c044a508646d

  • SHA256

    77d58783013a7d18f57937c53e5ac21840df059a8119b47c5c68dbc3a4809013

  • SHA512

    11441237d7536ed0ceaa4ff4457410973261b12d2bcdee70228918b01d97c960f2507a6dcf3e17ae3ab31a0cd3aa421925063818d7a3195ecf9859863ff25600

Malware Config

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               ID     Count
  Credential Access  Credentials in Files    T1081  2
  Discovery          Query Registry          T1012  1
  Collection         Data from Local System  T1005  2

Tasks