General

  • Target

    ff18c6551b984365758e45a28561521883ae4abf3e45c05b27eefed26d8cce8d.exe

  • Size

    281KB

  • Sample

    210907-n8k2bsfgbl

  • MD5

    d62e866ff6a5c92f67bbd001e8e05520

  • SHA1

    ff14beb9ef062df2b09a181c868be19c9f2e57b4

  • SHA256

    ff18c6551b984365758e45a28561521883ae4abf3e45c05b27eefed26d8cce8d

  • SHA512

    0ae613611aa4410be63bfa9eb4ad9df6a17cf45b7c4a4b651be9f449ef12c946aa3c3f688857aad5480f29878ab75c93102691ceb35cecd0536381fd7d51289a

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other data.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
