General

  • Target

    48df29b648d9d5aeff2a44da9f6ff022

  • Size

    346KB

  • Sample

    211018-l1sp4aecdq

  • MD5

    48df29b648d9d5aeff2a44da9f6ff022

  • SHA1

    c319e261a3384ba6575f2f91f9bf39b641fd5a6e

  • SHA256

    1b1d14f0709da75b0873bc0fffb15f2495e1c5df2d0163db485f2c008d2d41cc

  • SHA512

    4b9a26db84f34af3681d014ae32964fcea648cc229c06307a84c0c8619ba74b95d32cf90f1cd682acb013f6c3f75ac7e1887e7761cb90e8d5d8e025757ac1c44

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
