Analysis Overview
SHA256
822ae7996b6e1b6c0ff14ff5f1a4be87558cbfbe9fdb7333761665d5ea18fc1e
Threat Level: Known bad
The file 5661004067012608.zip was found to be: Known bad.
Malicious Activity Summary
Taurus Stealer Payload
Taurus family
Reads user/profile data of web browsers
Accesses 2FA software files, possible credential harvesting
Checks installed software on the system
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2021-06-23 06:28
Signatures
Taurus Stealer Payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Taurus family
Analysis: behavioral1
Detonation Overview
Submitted
2021-06-23 06:28
Reported
2021-06-23 06:33
Platform
win7v20210410
Max time kernel
136s
Max time network
173s
Command Line
Signatures
Reads user/profile data of web browsers
Accesses 2FA software files, possible credential harvesting
Checks installed software on the system
Processes
C:\Users\Admin\AppData\Local\Temp\6532a3f11edcd62c73ece88b5e3e118b09ff23c495217d0a71d2bf71aedbcc5e.exe
"C:\Users\Admin\AppData\Local\Temp\6532a3f11edcd62c73ece88b5e3e118b09ff23c495217d0a71d2bf71aedbcc5e.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 8.8.8.8:53 | dmpfdmserv275.xyz | udp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
Files
memory/1672-59-0x0000000075721000-0x0000000075723000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2021-06-23 06:28
Reported
2021-06-23 06:32
Platform
win10v20210410
Max time kernel
150s
Max time network
141s
Command Line
Signatures
Reads user/profile data of web browsers
Accesses 2FA software files, possible credential harvesting
Checks installed software on the system
Processes
C:\Users\Admin\AppData\Local\Temp\6532a3f11edcd62c73ece88b5e3e118b09ff23c495217d0a71d2bf71aedbcc5e.exe
"C:\Users\Admin\AppData\Local\Temp\6532a3f11edcd62c73ece88b5e3e118b09ff23c495217d0a71d2bf71aedbcc5e.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 8.8.8.8:53 | dmpfdmserv275.xyz | udp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | dmpfdmserv275.xyz | tcp |
| N/A | 45.147.230.122:80 | | tcp |