211b48c0312c2395ab4f4d248016f6d4.exe

General
Target

211b48c0312c2395ab4f4d248016f6d4.exe

Size

357KB

Sample

210418-wmtfvvq5sx

Score
10 /10
MD5

211b48c0312c2395ab4f4d248016f6d4

SHA1

5380d7078eaa9a6ebbc592f2f0f9525bbae6a9e3

SHA256

00a4647a53a0366092f6ee9571244ca44546e8b92998e654c4168ff1cccb439b

SHA512

64ab86886140d92ed7c4524dc0eb3f39d2c65e75789ff555eb01675fe3895caedd8159002c1d16570775b18ef5a885173c25c3d4f24df0c049dcb4adefc28467

Malware Config
Targets
Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Taurus Stealer

    Description

    Taurus is an infostealer first seen in June 2020.

  • Taurus Stealer Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials.
    TTPs

    Data from Local System
    Credentials in Files

  • Accesses 2FA software files, possible credential harvesting

    TTPs

    Data from Local System
    Credentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1