General

  • Target

    32fd2a70ee80a40742fc4ab1f7f5d2353bba69268bff8802b8b52f3e83b69c91

  • Size

    447KB

  • Sample

    210501-ycswqh7382

  • MD5

    02698cf9635c3ccb437538a3de45e6da

  • SHA1

    d3cadd35ced354ce35e84331dc61c274454fd558

  • SHA256

    32fd2a70ee80a40742fc4ab1f7f5d2353bba69268bff8802b8b52f3e83b69c91

  • SHA512

    f131fa535e1a74095dd293ec0b2d0bf81d4988e5ab5e38d04205b4e1a07f2dad911f0136be1e188592cbd70f2feb7040b3eddbb13068fecd88c7dfbef962b01b

Malware Config

Targets

    • Target

      32fd2a70ee80a40742fc4ab1f7f5d2353bba69268bff8802b8b52f3e83b69c91

    • Size

      447KB

    • MD5

      02698cf9635c3ccb437538a3de45e6da

    • SHA1

      d3cadd35ced354ce35e84331dc61c274454fd558

    • SHA256

      32fd2a70ee80a40742fc4ab1f7f5d2353bba69268bff8802b8b52f3e83b69c91

    • SHA512

      f131fa535e1a74095dd293ec0b2d0bf81d4988e5ab5e38d04205b4e1a07f2dad911f0136be1e188592cbd70f2feb7040b3eddbb13068fecd88c7dfbef962b01b

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks