General

  • Target

    7509e62df6488a501624907d4bc6823f70d9aae070708f136cbe8c6b2391b144

  • Size

    346KB

  • Sample

    220319-we1hxsfbbj

  • MD5

    a1809931a9f1a0b391d251e0a1765ce8

  • SHA1

    a6235d6dd2c3b4363c14327d0f93d71782016981

  • SHA256

    7509e62df6488a501624907d4bc6823f70d9aae070708f136cbe8c6b2391b144

  • SHA512

    4c2caf2cba4b0f383a93de9f65801d9db0f00d789d4f3c769c5445ce579a555b69bf2b9c2dd73667a9fc3edb6b148b45ac6aa38bdc6a92ef7cc68a0d9d30e79c

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
