General

  • Target

    4aab66cb1f1c76a6ed7e259caa2d3494

  • Size

    386KB

  • Sample

    211018-l1s1vsdda2

  • MD5

    4aab66cb1f1c76a6ed7e259caa2d3494

  • SHA1

    f1c0ac1db43c11768e13a4f58fe12bc9badafdb9

  • SHA256

    adf2a21e7b932fc75261702ea0d9c5d6377ff06dffff04fe18e2d431364ffb74

  • SHA512

    de08e284e0d9ca734dfa73ae96ae86039ad96f56a9234ae05aeccc642a1a219c265b01df81ba55f1e10f92d859562d62e372cf32c941bdc1fb0f803fe2bbb2ad

Targets

    • Target

      4aab66cb1f1c76a6ed7e259caa2d3494

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
