General

  • Target

    11C493B1C2A4F8F2C9C61786EE882B63466FCB07126B0.exe

  • Size

    697KB

  • Sample

    210517-fqpk2spn92

  • MD5

    0be6ab4816802522b78b028573e9319a

  • SHA1

    a237b8fe0d498a6db268e09122a362738505f134

  • SHA256

    11c493b1c2a4f8f2c9c61786ee882b63466fcb07126b0d98a2ed2a3836ba36e7

  • SHA512

    9cd99fac517c5193217211ed74264a24285ed73ed0864391fa0a2db0e9d2ab129a52a39a629f5a216a6e0613effff70c8f72a0bfdaa9b2ae11f873804b57e13a

Targets

    • Target

      11C493B1C2A4F8F2C9C61786EE882B63466FCB07126B0.exe

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Accesses 2FA software files, possible credential harvesting

    • Suspicious use of SetThreadContext
