General

  • Target

    1b4ae135ad7f9837407f2bc097eb099e54b5665365b80f1b3b7a6ce6fbca9996

  • Size

    301KB

  • Sample

    220319-psd4hsaab8

  • MD5

    4af5f47afaa5fd84a3d1557e6acd7f4c

  • SHA1

    d335722d4ee5fbdc38916254de8ec03da15e68fb

  • SHA256

    1b4ae135ad7f9837407f2bc097eb099e54b5665365b80f1b3b7a6ce6fbca9996

  • SHA512

    d09773f265af8c93780204529122bd85c1ed88e08bc0c2766b766c1adcd6feeece64910b0ddc6823585ed5959d519b9be4a2896897c26c1a81e965564054ce44

Malware Config

Targets

    • Target

      1b4ae135ad7f9837407f2bc097eb099e54b5665365b80f1b3b7a6ce6fbca9996

    • Size

      301KB

    • MD5

      4af5f47afaa5fd84a3d1557e6acd7f4c

    • SHA1

      d335722d4ee5fbdc38916254de8ec03da15e68fb

    • SHA256

      1b4ae135ad7f9837407f2bc097eb099e54b5665365b80f1b3b7a6ce6fbca9996

    • SHA512

      d09773f265af8c93780204529122bd85c1ed88e08bc0c2766b766c1adcd6feeece64910b0ddc6823585ed5959d519b9be4a2896897c26c1a81e965564054ce44

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks