General

  • Target

    e0ff40e2c34ebbe25f35b3cff069a1b8e739e79ffa3c43c224656b9937d0c5ba

  • Size

    351KB

  • Sample

    220319-18213aahak

  • MD5

    93d5c7c3bf0fb3ccebc6b1d8da41ebde

  • SHA1

    24192981ee63e6b50da1739e75d3d1934e9e0356

  • SHA256

    e0ff40e2c34ebbe25f35b3cff069a1b8e739e79ffa3c43c224656b9937d0c5ba

  • SHA512

    a7d84e32c8a131ddc667469fda27a1d681979995d9754dfe30e7c606da6cab68a665cf78fce6644326247102272ac176b25579aeaf0b597a01cf4d27fd9e7fc4

Malware Config

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks