General

  • Target

    e7f1c54a5ca45b7e6e4633d3b0e82d1498b6ef62df213f78029365576e38bfb0

  • Size

    616KB

  • Sample

    220319-h7h8fsdgc4

  • MD5

    c0afc7b1319c3b5e2a5a5ac3a9227d0d

  • SHA1

    afcd83b3e44f6c1828a041122cb112cc28d472c8

  • SHA256

    e7f1c54a5ca45b7e6e4633d3b0e82d1498b6ef62df213f78029365576e38bfb0

  • SHA512

    b71ce021335a834ea078524be029da75b34a72935b3e9a83ca16bf51e7bf5972315bb7046906806091d33dfe60c44910cc97093d58a61926e78949473554eb0a

Malware Config

Targets

    • Target

      e7f1c54a5ca45b7e6e4633d3b0e82d1498b6ef62df213f78029365576e38bfb0

    • Size

      616KB

    • MD5

      c0afc7b1319c3b5e2a5a5ac3a9227d0d

    • SHA1

      afcd83b3e44f6c1828a041122cb112cc28d472c8

    • SHA256

      e7f1c54a5ca45b7e6e4633d3b0e82d1498b6ef62df213f78029365576e38bfb0

    • SHA512

      b71ce021335a834ea078524be029da75b34a72935b3e9a83ca16bf51e7bf5972315bb7046906806091d33dfe60c44910cc97093d58a61926e78949473554eb0a

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks