General

  • Target

    038411f02c0d89734cfcd6790c3ef7cc7ff3b8c3dbcab47aa16ed60d26cdbc21

  • Size

    2.1MB

  • Sample

    220319-twbj1sdehr

  • MD5

    f2a2c14f8a4dd4ca612c9d3cd534aee1

  • SHA1

    4560a5fe618883ccd95236de1dfcdd71ef7f5094

  • SHA256

    038411f02c0d89734cfcd6790c3ef7cc7ff3b8c3dbcab47aa16ed60d26cdbc21

  • SHA512

    b9f5736f4cbee2ad59f5a5d5866a2ad2d0d06f35889272fe739ce9eadafd88a7ad8a83cee9f4e9e0c57d18b5228d8517da295baca1672f18c55106589110a6ca

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
