General

  • Target

    5b94f73b3a2d76c2f7283e281754d9f2d64bff4f97aa89d047c2be02b5b489ff

  • Size

    374KB

  • Sample

    220315-zsq37afhg8

  • MD5

    1776758db56fd02074114a1d98e7571b

  • SHA1

    91fd2a402b0a93a0440d82ce44067f769f6bbbb1

  • SHA256

    5b94f73b3a2d76c2f7283e281754d9f2d64bff4f97aa89d047c2be02b5b489ff

  • SHA512

    fffeb63a83f444066a57a1ec5b0d80214ec42d8531725994718bf1a2eff8a636a842c405a0ecb52d8cc4a752e8f6a4fd8b06a84cd2ca745a63089469b06662f8

Malware Config

Targets

    • Target

      5b94f73b3a2d76c2f7283e281754d9f2d64bff4f97aa89d047c2be02b5b489ff

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
