Malware Analysis Report

2024-10-23 17:13

Sample ID 210623-pv26gyb2k2
Target 5661004067012608.zip
SHA256 822ae7996b6e1b6c0ff14ff5f1a4be87558cbfbe9fdb7333761665d5ea18fc1e
Tags
taurus discovery spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

822ae7996b6e1b6c0ff14ff5f1a4be87558cbfbe9fdb7333761665d5ea18fc1e

Threat Level: Known bad

The file 5661004067012608.zip was found to be: Known bad.

Malicious Activity Summary

taurus discovery spyware stealer

Taurus Stealer Payload

Taurus family

Reads user/profile data of web browsers

Accesses 2FA software files, possible credential harvesting

Checks installed software on the system
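The three behaviours in this summary are what the sandbox signatures key on: reads of browser credential stores, access to 2FA application files, and enumeration of installed software. The detector below is an added example, not part of the sandbox report, that applies the same logic to a stream of file and registry access events. The event format, the watch-list paths (Chrome "Login Data" and "Cookies", Firefox profile files, Authy Desktop, WinAuth, the Uninstall registry key) and the legitimate-owner allowlist are my assumptions, and the sample events are constructed, not artifacts from the detonation.

```python
"""Tag processes by stealer-like file/registry access and pick out suspects.
Added example; the watch-lists, the event format and SAMPLE_EVENTS are the
editor's assumptions and constructed data, not sandbox output."""
import ntpath
from collections import defaultdict

# Assumed watch-lists (lower-case substrings of the accessed path).
BROWSER_STORES = (
    "\\google\\chrome\\user data\\default\\login data",
    "\\google\\chrome\\user data\\default\\cookies",
    "\\mozilla\\firefox\\profiles\\",  # logins.json / key4.db live under here
)
TWOFA_PATHS = (
    "\\authy desktop\\",
    "\\winauth\\",
)
INSTALLED_SW_KEY = "software\\microsoft\\windows\\currentversion\\uninstall"

# Browsers reading their own profile is normal; tune this allowlist per estate.
LEGIT_OWNERS = {"chrome.exe", "firefox.exe"}

# Constructed events: "<pid>\t<image>\t<operation>\t<target>" (not real telemetry).
SAMPLE_EVENTS = """\
1672\tC:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe\tReadFile\tC:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
1672\tC:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe\tReadFile\tC:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json
1672\tC:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe\tReadFile\tC:\\Users\\Admin\\AppData\\Roaming\\Authy Desktop\\Local Storage\\leveldb\\000003.log
1672\tC:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe\tRegEnumKey\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
2044\tC:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\tReadFile\tC:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
"""


def classify_event(image, op, target):
    """Return a behaviour tag for one event, or None if it is uninteresting."""
    if ntpath.basename(image).lower() in LEGIT_OWNERS:
        return None
    t = target.lower()
    if op == "ReadFile" and any(p in t for p in BROWSER_STORES):
        return "reads_browser_profile"
    if op == "ReadFile" and any(p in t for p in TWOFA_PATHS):
        return "accesses_2fa_files"
    if op.startswith("Reg") and INSTALLED_SW_KEY in t:
        return "enumerates_installed_software"
    return None


def tag_processes(event_text):
    """Aggregate behaviour tags per pid; pids with no tags are omitted."""
    tags = defaultdict(set)
    for line in event_text.splitlines():
        if not line.strip():
            continue
        pid, image, op, target = line.split("\t", 3)
        tag = classify_event(image, op, target)
        if tag:
            tags[int(pid)].add(tag)
    return {pid: sorted(s) for pid, s in tags.items()}


def stealer_suspects(tags):
    """Credential-store reads combined with any second behaviour -> suspect.
    A single browser read alone is too noisy (backup tools, sync agents)."""
    return sorted(pid for pid, t in tags.items()
                  if "reads_browser_profile" in t and len(t) >= 2)


if __name__ == "__main__":
    tags = tag_processes(SAMPLE_EVENTS)
    print(tags)
    print("suspects:", stealer_suspects(tags))
```

The allowlist on the accessing image is what keeps the browser's own reads of its profile from firing; the two-behaviour threshold in stealer_suspects is the trade-off between catching a stealer on the first run and drowning in alerts from legitimate profile readers.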

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2021-06-23 06:28

Signatures

Taurus Stealer Payload

Description Indicator Process Target
N/A N/A N/A N/A

Taurus family

taurus

Analysis: behavioral1

Detonation Overview

Submitted

2021-06-23 06:28

Reported

2021-06-23 06:33

Platform

win7v20210410

Max time kernel

136s

Max time network

173s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6532a3f11edcd62c73ece88b5e3e118b09ff23c495217d0a71d2bf71aedbcc5e.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Checks installed software on the system

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\6532a3f11edcd62c73ece88b5e3e118b09ff23c495217d0a71d2bf71aedbcc5e.exe

"C:\Users\Admin\AppData\Local\Temp\6532a3f11edcd62c73ece88b5e3e118b09ff23c495217d0a71d2bf71aedbcc5e.exe"

Network

Country  Destination         Domain             Proto
N/A      8.8.8.8:53          dmpfdmserv275.xyz  udp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp

Files

memory/1672-59-0x0000000075721000-0x0000000075723000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2021-06-23 06:28

Reported

2021-06-23 06:32

Platform

win10v20210410

Max time kernel

150s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6532a3f11edcd62c73ece88b5e3e118b09ff23c495217d0a71d2bf71aedbcc5e.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Checks installed software on the system

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\6532a3f11edcd62c73ece88b5e3e118b09ff23c495217d0a71d2bf71aedbcc5e.exe

"C:\Users\Admin\AppData\Local\Temp\6532a3f11edcd62c73ece88b5e3e118b09ff23c495217d0a71d2bf71aedbcc5e.exe"

Network

Country  Destination         Domain             Proto
N/A      8.8.8.8:53          dmpfdmserv275.xyz  udp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   dmpfdmserv275.xyz  tcp
N/A      45.147.230.122:80   N/A                tcp
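Both Network tables (behavioral1 and behavioral2) show the same picture: one DNS lookup for dmpfdmserv275.xyz via the sandbox resolver, then repeated plain-HTTP connections to 45.147.230.122:80. The script below is an added example, not part of the sandbox report, that turns those rows into a de-duplicated IOC set, emits Suricata rules for them, and checks a downloaded sample against the report hash. The rows in NETWORK_ROWS are copied from the behavioral2 table; the resolver allowlist, the rule text and sid numbers, and the placeholder zip are my assumptions. Note that the SHA256 at the top of the report is the hash of the zip container, while the process that ran is the executable named in the Command Line section, so an analyst matching a sample to this report should hash both the archive and its member.

```python
"""Extract IOCs from the sandbox network table, emit Suricata rules, and
verify a sample against the report hash. Added example; the resolver
allowlist, rule text/sids and the placeholder zip are assumptions."""
import hashlib
import io
import zipfile
from collections import Counter

REPORT_SHA256 = "822ae7996b6e1b6c0ff14ff5f1a4be87558cbfbe9fdb7333761665d5ea18fc1e"

# Columns: Country Destination Domain Proto. The last row has no resolved domain.
NETWORK_ROWS = """\
N/A 8.8.8.8:53 dmpfdmserv275.xyz udp
N/A 45.147.230.122:80 dmpfdmserv275.xyz tcp
N/A 45.147.230.122:80 dmpfdmserv275.xyz tcp
N/A 45.147.230.122:80 dmpfdmserv275.xyz tcp
N/A 45.147.230.122:80 dmpfdmserv275.xyz tcp
N/A 45.147.230.122:80 dmpfdmserv275.xyz tcp
N/A 45.147.230.122:80 dmpfdmserv275.xyz tcp
N/A 45.147.230.122:80 dmpfdmserv275.xyz tcp
N/A 45.147.230.122:80 tcp
"""

# Assumption: 8.8.8.8 is the sandbox's resolver, not attacker infrastructure.
RESOLVERS = {"8.8.8.8"}


def parse_rows(text):
    """Parse the whitespace-separated table; tolerate a missing Domain column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({"ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def extract_iocs(rows):
    """Separate DNS lookups from C2 traffic and count connections per endpoint."""
    iocs = {"domains": set(), "ips": set(), "endpoints": Counter()}
    for r in rows:
        if r["domain"]:
            iocs["domains"].add(r["domain"])
        if r["ip"] in RESOLVERS:
            continue  # the lookup itself is not C2; the queried name is the IOC
        iocs["ips"].add(r["ip"])
        iocs["endpoints"][(r["ip"], r["port"], r["proto"])] += 1
    return iocs


def suricata_rules(iocs, base_sid=1000001):
    """One rule per queried domain and per C2 endpoint; sids are local-range placeholders."""
    rules, sid = [], base_sid
    for dom in sorted(iocs["domains"]):
        rules.append(f'alert dns $HOME_NET any -> any any (msg:"Taurus stealer DNS query {dom}"; '
                     f'dns.query; content:"{dom}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    for ip, port, proto in sorted(iocs["endpoints"]):
        rules.append(f'alert {proto} $HOME_NET any -> {ip} {port} '
                     f'(msg:"Taurus stealer C2 {ip}:{port}"; sid:{sid}; rev:1;)')
        sid += 1
    return rules


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def sha256_matches(data, expected=REPORT_SHA256):
    """The report hash covers the zip container, not the executable inside it."""
    return sha256_hex(data) == expected.lower()


def member_hashes(zip_bytes):
    """Hash each archive member so the inner executable can be matched to its own report."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        return {name: sha256_hex(z.read(name)) for name in z.namelist()}


def build_constructed_zip():
    """Placeholder archive for the stand-alone run; not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("payload.exe", b"constructed placeholder, not the real sample")
    return buf.getvalue()


if __name__ == "__main__":
    iocs = extract_iocs(parse_rows(NETWORK_ROWS))
    print(sorted(iocs["domains"]), sorted(iocs["ips"]), dict(iocs["endpoints"]))
    print("\n".join(suricata_rules(iocs)))
    sample = build_constructed_zip()
    print("matches report hash:", sha256_matches(sample), member_hashes(sample))
```

Keeping the resolver out of the IP list matters in practice: blocking 8.8.8.8 because it appears in a sandbox table is a common mistake, and the eight identical TCP rows collapse to a single endpoint with a connection count, which is the shape most blocklist and SIEM imports expect.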

Files

N/A