General

  • Target

    49a25aac4e315d60920103b5cfcb80a1b7ba0648d6fe6d6603150a0725c042f5

  • Size

    346KB

  • Sample

    220319-wp4y4afdg4

  • MD5

    ec77aef954ff9e6df546bf38eeae352d

  • SHA1

    1b875960ec131081dd1d61747f6f2cc7b1c5b4da

  • SHA256

    49a25aac4e315d60920103b5cfcb80a1b7ba0648d6fe6d6603150a0725c042f5

  • SHA512

    15d598d8a28fb7ad91388da4c1b62dfcc789d3783d205dfd1f3a1ff2c37434b60afba3164d72d54a33c827aa1f4e40d0594dc995dd4bc4edac242eb31d06d5ef

Malware Config

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks