General
Target: 9d3aab1f80e8d8025bbb38ca3ece961dd2e896041039f1bbdc1ee25996daab37
Size: 747KB
Sample: 220206-2jfxzaceg2
MD5: 6e29693cfa077598b069297df14fa710
SHA1: 408cd4b0102d173a1581fef8db3ce8142c34834c
SHA256: 9d3aab1f80e8d8025bbb38ca3ece961dd2e896041039f1bbdc1ee25996daab37
SHA512: b7aa75062faa13f667a4f287d68c8e84fe6a1b29756a03c8df8da8cf64fe964f3930aee92f1b23acd3a1c76003c666365ec8cd0b85949a551e6b4f8ee17851f1

Static task: static1
Behavioral task: behavioral1
  Sample: po-202103.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: po-202103.exe
  Resource: win10v2004-en-20220113

Malware Config
Targets
Target: po-202103.exe
Size: 1.1MB
MD5: 83565d8eac8fbbc1b5392913e329397e
SHA1: 1795fa118fe0484f3238d94207946a988d6ad97a
SHA256: 787760272209442be52c110ab48a8af7b6d504725708750685275ccdee2807ec
SHA512: 9930aa82eec1ce8a046ff194d7ba45b24879f45a594356e325ea04614bd3d8001154da7c1f03074c2905c32750b0f4e1caf92dca86c05ccc2e77b81114721990

- Taurus Stealer Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext