General

  • Target

    7f945e1d965b68e1ea68a3e9cd2263dd8b664a5cf618529dda169fb650b6505a

  • Size

    239KB

  • Sample

    220221-nfec3shhd6

  • MD5

    10108038254a01b7067db434c9722aec

  • SHA1

    063ff37c1e1a69d0795ada4ea103eab03b4ff3ee

  • SHA256

    7f945e1d965b68e1ea68a3e9cd2263dd8b664a5cf618529dda169fb650b6505a

  • SHA512

    3f0219c4bcd839144b3a1eab4c8b9f87436841e9362cb0664680bc48a6220a09cbc36beac2c872e23564dfb5ee22adeb97d4ce347325b19d7f1f5077abcd49f7

Malware Config

Targets

    • Target

      INVOICES_BL_AWB_2021.exe

    • Size

      354KB

    • MD5

      8ccf9291528b147f1ada20fe94dc822a

    • SHA1

      3c379dfb7f6f26a067077cba102ee8d0ca992425

    • SHA256

      4679648337426622a1f44b99207a036144b1e12391c36733eea10f63a02d0304

    • SHA512

      549b7ea411857bea6e14a5d840ea030c5610d29306f675de16d6ae033116685f28271140485d0b2e06f7b08f8a5cd9caad2209691b64b26ab4313186bcb0b8b5

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks