General
-
Target
48ebbbdc7e6550ad9dd3f13bb8834d6e5647dd561365ef17ea61b4829b92484e
-
Size
2.9MB
-
Sample
220309-q34btsghh3
-
MD5
24a5a2ef4302d53eb1684c22532f9375
-
SHA1
415f847786304bda4605c8c2f2c324ada4e8ae28
-
SHA256
48ebbbdc7e6550ad9dd3f13bb8834d6e5647dd561365ef17ea61b4829b92484e
-
SHA512
c76ceb10f3d2cb4f0cc9124a68a49d61ceb8b7f77d846a9fb8065131a0d6ced7bb149bae55359533b857ce325f97bd7b7a85a3e4f21ae26d684136487f0e132e
Static task
static1
Behavioral task
behavioral1
Sample
48ebbbdc7e6550ad9dd3f13bb8834d6e5647dd561365ef17ea61b4829b92484e.exe
Resource
win7-20220223-en
Malware Config
Targets
-
-
Target
48ebbbdc7e6550ad9dd3f13bb8834d6e5647dd561365ef17ea61b4829b92484e
-
Size
2.9MB
-
MD5
24a5a2ef4302d53eb1684c22532f9375
-
SHA1
415f847786304bda4605c8c2f2c324ada4e8ae28
-
SHA256
48ebbbdc7e6550ad9dd3f13bb8834d6e5647dd561365ef17ea61b4829b92484e
-
SHA512
c76ceb10f3d2cb4f0cc9124a68a49d61ceb8b7f77d846a9fb8065131a0d6ced7bb149bae55359533b857ce325f97bd7b7a85a3e4f21ae26d684136487f0e132e
-
Taurus Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-