General

  • Target

    eac952a666a4dbd271a030d445601e1ba6ee3d9209a04863b090df8e6af67365

  • Size

    318KB

  • Sample

    220319-hy3whadfb9

  • MD5

    c1d6f7e4c02ad09af1b3da524c404b5b

  • SHA1

    59c9296b08ade50ac16b0f23d16061e7c12b30d9

  • SHA256

    eac952a666a4dbd271a030d445601e1ba6ee3d9209a04863b090df8e6af67365

  • SHA512

    366fc028ebefc1eb387baba0c102e2e132a7b44395753b004de280eb4c16579c9c7e3a9735e0ab42972744a568523391a7ee9bc6c737307fde2ef69712acfaf3

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
