General

  • Target

    d2oTZi7ch8PI158sI47X.exe

  • Size

    692KB

  • Sample

    210505-cetqvt7mea

  • MD5

    c6bd2c9337b4a6e538216a03c5f3cab4

  • SHA1

    25b2284b22519b4d0e502686f50a92e3573d58bd

  • SHA256

    fd869ff7e007fdcd795c2da3566fa44552a5588956d444218ca833c14286f764

  • SHA512

    60c09512b42c700c3e9d7401e447f220dbbed39186dfd95c2e9aeb509e845f25646d0ac36edca00bcfd0527e80b74c8baf31a76683129b2aec88a749335866ee
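Before pulling this sample into a lab or pivoting on it, confirm that the file on disk is the artifact the report describes. The following is an added example, not part of the sandbox report: it recomputes the four digests listed above in a single pass over the file and compares them, case-insensitively, with the expected values. The hashes in REPORT_HASHES are copied from the General section; everything else (function names, the chunk size, the constructed test input) is the example's own.

```python
"""Verify that a file on disk matches the digests a sandbox report lists.

Added example, not the sandbox's code. Streams the file once, feeding every
chunk to all four hashers, then reports which expected digests do not match.
"""
import hashlib
import io
from typing import BinaryIO, Dict, List

# Digests copied from the report's General section for d2oTZi7ch8PI158sI47X.exe.
REPORT_HASHES: Dict[str, str] = {
    "md5": "c6bd2c9337b4a6e538216a03c5f3cab4",
    "sha1": "25b2284b22519b4d0e502686f50a92e3573d58bd",
    "sha256": "fd869ff7e007fdcd795c2da3566fa44552a5588956d444218ca833c14286f764",
    "sha512": (
        "60c09512b42c700c3e9d7401e447f220dbbed39186dfd95c2e9aeb509e845f25"
        "646d0ac36edca00bcfd0527e80b74c8baf31a76683129b2aec88a749335866ee"
    ),
}

# Chunk size for streaming large samples without loading them fully (assumed value).
CHUNK_SIZE = 1 << 20


def digest_stream(fh: BinaryIO, algorithms=tuple(REPORT_HASHES)) -> Dict[str, str]:
    """Read a binary stream once and return {algorithm: hex digest} for each algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str) -> Dict[str, str]:
    """Hash a file on disk with every algorithm the report lists."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Hash an in-memory byte string through the same streaming path."""
    return digest_stream(io.BytesIO(data))


def check_hashes(observed: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Return one human-readable line per mismatching or missing digest.

    Comparison is case-insensitive because reports and tooling disagree on
    hex case. An empty list means every expected digest matched.
    """
    mismatches = []
    for name, want in expected.items():
        got = observed.get(name)
        if got is None or got.lower() != want.lower():
            mismatches.append(f"{name}: expected {want}, got {got}")
    return mismatches


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-sample>
    problems = check_hashes(digest_file(sys.argv[1]), REPORT_HASHES)
    if problems:
        print("Sample does NOT match the report:")
        print("\n".join(problems))
        sys.exit(1)
    print("All four digests match the report.")
```

A mismatch on every algorithm usually means a different file (or a wrapper such as a ZIP) was downloaded; a mismatch on only one algorithm points at a transcription error in the expected value rather than at the sample, since a single file cannot change one digest without changing the others.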

Malware Config

Targets

    • Target

      d2oTZi7ch8PI158sI47X.exe

    • Size

      692KB

    • MD5

      c6bd2c9337b4a6e538216a03c5f3cab4

    • SHA1

      25b2284b22519b4d0e502686f50a92e3573d58bd

    • SHA256

      fd869ff7e007fdcd795c2da3566fa44552a5588956d444218ca833c14286f764

    • SHA512

      60c09512b42c700c3e9d7401e447f220dbbed39186dfd95c2e9aeb509e845f25646d0ac36edca00bcfd0527e80b74c8baf31a76683129b2aec88a749335866ee

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Accesses 2FA software files, possible credential harvesting

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state; outside debuggers it is mostly seen in process hollowing and thread hijacking, where the entry point of a suspended thread is redirected to injected code.

MITRE ATT&CK Enterprise v6

Tasks