General

  • Target

    806697436F2D3569CABF4D43606F0A9F.exe

  • Size

    2.0MB

  • Sample

    210601-j5k4q9lfqx

  • MD5

    806697436f2d3569cabf4d43606f0a9f

  • SHA1

    e1713da12db7873d8682a4ae50bf570b6cada9e5

  • SHA256

    9934672222ba1c499e60bd3838783c433f10cea9be633cb9f6de7eab3c0db865

  • SHA512

    d4c6ef5f361dc2a82066a9f20776abd954fd3a09a528809da9dcca8f0e13e900a6626ca9dd1287476ce462ca9bbc227477f32dea817383383d4c7acaa4e4c8c6

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile data.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
