General
Target: 80e1a8d742af3e917125d6a832f192e0
Size: 761KB
Sample: 211018-l1t8xsdda8
MD5: 80e1a8d742af3e917125d6a832f192e0
SHA1: 0ff5a3db02e5423b59ea3fc38f40e96ea7e433af
SHA256: be1ea1e4432bc2dd5531c026722fcb05b673f894c7cb72ca707f177acaa278cd
SHA512: 2ea2610f0c6dd4a050377c59793726798f2648d18735b9cb04babf0090393fad7d48960a28e1314c31091dae6346b50b9b74e8515910f32a3c4e503250aa5a9b
Static task: static1
Behavioral task: behavioral1
Sample: 80e1a8d742af3e917125d6a832f192e0.exe
Resource: win7-en-20210920
Malware Config
Targets
Target: 80e1a8d742af3e917125d6a832f192e0
Taurus Stealer Payload

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext