General

  • Target

    0d80e8fce57a08aa2a78789eb14e26fdfae755b1cc7f631cf789048601366cea

  • Size

    340KB

  • Sample

    220319-g2wqxsdahp

  • MD5

    68a6d3061d57cdc7f4713bb932fee40a

  • SHA1

    806666f6d897e950ae07d30ad450e8e8caa6c9be

  • SHA256

    0d80e8fce57a08aa2a78789eb14e26fdfae755b1cc7f631cf789048601366cea

  • SHA512

    c740c48aa26e806ab7f1eb99b00ce947398f7252a3f7d74e24fda1754ec6443a599ea188361adab5ec6bd02ef9b0feb5572317865a8e539ff1003b7e07c308ea

Malware Config

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks