General

  • Target

    3273840f7c787605a57e054dc76e740e75e58061f309a18b481c0e41d0738f73

  • Size

    303KB

  • Sample

    220221-22kc4sbdg4

  • MD5

    2da74cb135cb2324bb1ffa2a6032306e

  • SHA1

    c67afe84724d414c4c6a40801cf3d11e3f8f96bc

  • SHA256

    3273840f7c787605a57e054dc76e740e75e58061f309a18b481c0e41d0738f73

  • SHA512

    91c8f1570c418d38f0b5de2f8f72101dec5bce3da10e5c7336a4925966d2f052dbff071c3d35aa300ac8dcfec8b38956edee23b7c2cf7e63a3b1a37d2c9f516f

Malware Config

Targets

    • Target

      DOCUMENT FILE.exe

    • Size

      360KB

    • MD5

      fbe426a8d46b433667c3a30f38c703ab

    • SHA1

      bed53dc755559ecc8ed6a84f7efbe877937324de

    • SHA256

      847fa8413751c698b7cb1f258a4365d8e50915e4811fa916308f6b0e18cbc17d

    • SHA512

      8c22771d773da05bb36d0f4285c25b61157ad42c044d6029f98103b755b5567b2964d225fd18d9d0295bb25a002ba8c9dec9a9567862822ced0ea108f26c8956

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks