General

  • Target

    cab376e1d85536933839b0247b8345c642b00e0fd8d217e2f8e90ddca69810cc

  • Size

    294KB

  • Sample

    220319-j2ethsedcj

  • MD5

    b650ff59fb07406eda08a0056b08cba9

  • SHA1

    000bf16bcd09af704fd23d505829e56d272794de

  • SHA256

    cab376e1d85536933839b0247b8345c642b00e0fd8d217e2f8e90ddca69810cc

  • SHA512

    9c55b7251b19ffb49ec86800daa3a52126991eb3f25c7b37078e0f32532d0b20403ec5555f12ee2ec9bcbc4b1126a29e83d6b1fb1eefaf085056f787d79300ed

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
