General

  • Target

    fc73a6d7ba29346cec2696e05861af8a

  • Size

    1.3MB

  • Sample

    211018-l1xn2sddd4

  • MD5

    fc73a6d7ba29346cec2696e05861af8a

  • SHA1

    463d5f12fd5c940323439cb023e2f46ffb4cabac

  • SHA256

    1ffa9fbad9e31dbaa54e8f72abe42fdccb47333d1aa07bf0c541d0011f7ac9cc

  • SHA512

    a42ecbd88a646b3fa0820304397980429cbee95efe66a273ee68edd32b410cd5c108d6400ed999f0e4923f03ad708f539b5bb4147292434bef02dd1706e59611

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
