General

  • Target

    09f3e1540d811e2b18c2d24abcaebe7714373990aa6dc1c68a746d5233aea1b8

  • Size

    461KB

  • Sample

    220319-mwqwdagbb8

  • MD5

    d15649ebcfd17080cbd17e81e2b1d29e

  • SHA1

    2af15ccd2cc8ab2f131a5d0da5b8f3aba6f0b87a

  • SHA256

    09f3e1540d811e2b18c2d24abcaebe7714373990aa6dc1c68a746d5233aea1b8

  • SHA512

    8c65bf5020d369ba37cd7a5433951c4e2589fc8e275688261b204c8b8ac077884b7b62aff0fe78f067b89fdc119d9f25425341af26e3a5329ea42a37908beab6

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
