General

  • Target

    c16220188bcd3333f484071355b857cde30cca0c925b32f221c9088a05fe6fb0

  • Size

    294KB

  • Sample

    220319-hqwr8adeb4

  • MD5

    2bc7a775d535c270fab1e320f69fa939

  • SHA1

    0c8005438a289e2bc9c3eae01e550499c0702cf0

  • SHA256

    c16220188bcd3333f484071355b857cde30cca0c925b32f221c9088a05fe6fb0

  • SHA512

    6b1790dde68118cdd6919f32061c176dce797c6e292ab7316af5f89cf26ca9bb8eff9f68dbc8b487e50dc30b090bc514bcd2bbc85a75f6b9ccd8a00580e2d8ae

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
