General

  • Target

    e3e913ced6cafa3bda878c2aa08e3fd852afff478d3736505687d0d195ad0049

  • Size

    298KB

  • Sample

    220319-qwdslabad9

  • MD5

    795b4fbdcdbaa8d2f71c3f696d31cac8

  • SHA1

    faa239ab67f548737fba6da34e37e1f3bd831634

  • SHA256

    e3e913ced6cafa3bda878c2aa08e3fd852afff478d3736505687d0d195ad0049

  • SHA512

    9a3b128b4ed7382f64bc7fc4767cb3da5fbc8b6315b66d9f3fa91576bda6ec42d3eefef436658052a2e7e3d3783f0f55eeee55cfbc4b363794c5ba403c4cfc23

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
