General

  • Target

    15198c9760826669da8c5583c71725a59e3917efaa2b5f4eacaa74a9a00e8fdd

  • Size

    346KB

  • Sample

    220319-xq9reagddj

  • MD5

    901e2949c7666c008f0d4e28c7ff0a50

  • SHA1

    de539b81db31c8889e299fd71ab464c8f343963a

  • SHA256

    15198c9760826669da8c5583c71725a59e3917efaa2b5f4eacaa74a9a00e8fdd

  • SHA512

    ffdba3db99019b27903d73848841b62aff8eb52b5df4b1aa023e707256f1209b2fc4b25e531b2218f09c0b00086b331e5160cce1ac0b7f07a99b47b08d7e8f6c

Malware Config

Targets

    • Target

      15198c9760826669da8c5583c71725a59e3917efaa2b5f4eacaa74a9a00e8fdd

    • Size

      346KB

    • MD5

      901e2949c7666c008f0d4e28c7ff0a50

    • SHA1

      de539b81db31c8889e299fd71ab464c8f343963a

    • SHA256

      15198c9760826669da8c5583c71725a59e3917efaa2b5f4eacaa74a9a00e8fdd

    • SHA512

      ffdba3db99019b27903d73848841b62aff8eb52b5df4b1aa023e707256f1209b2fc4b25e531b2218f09c0b00086b331e5160cce1ac0b7f07a99b47b08d7e8f6c

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks