General

  • Target

    fe42ce239eafd0892b3a3d2cac6d9f74d84580c5f6457b0417a42200c01507a2

  • Size

    310KB

  • Sample

    220319-3xnqeacef9

  • MD5

    675c1d4f4f7ef7e345182438e36b25fd

  • SHA1

    173ff3833ec4f3af80a91439790cb7bc84ce4094

  • SHA256

    fe42ce239eafd0892b3a3d2cac6d9f74d84580c5f6457b0417a42200c01507a2

  • SHA512

    f89236af8fe5592771ab4d9f27ae8b72927ce06e441e00a74cc37e4475b7cff7900ffbf7ed0fb4237da802c5c17b192c4d30e8eaee5b0153408470c83a3c975d

Malware Config

Targets

    • Target

      fe42ce239eafd0892b3a3d2cac6d9f74d84580c5f6457b0417a42200c01507a2

    • Size

      310KB

    • MD5

      675c1d4f4f7ef7e345182438e36b25fd

    • SHA1

      173ff3833ec4f3af80a91439790cb7bc84ce4094

    • SHA256

      fe42ce239eafd0892b3a3d2cac6d9f74d84580c5f6457b0417a42200c01507a2

    • SHA512

      f89236af8fe5592771ab4d9f27ae8b72927ce06e441e00a74cc37e4475b7cff7900ffbf7ed0fb4237da802c5c17b192c4d30e8eaee5b0153408470c83a3c975d

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks