General
Target: 4a71267609d0b15255c19c6892a365514d122ced1ebe66df1aa795b94a125a11
Size: 2.4MB
Sample: 220320-bfmm8sdgc3
MD5: 7f1ce9e6eac4ba673a3e8e0177421fe5
SHA1: 1f4e85d80ad7e635bfb6a0947fa60bb53eb8b443
SHA256: 4a71267609d0b15255c19c6892a365514d122ced1ebe66df1aa795b94a125a11
SHA512: 02f4cc79a1110bbada597edaecce7f477e15d9a31942bd06055a2fdcc2419cfb6ea064397e4db173d59f26a27086947acce28ee235ed6a425d54a9d55952bb3e
Static task: static1
Behavioral task: behavioral1
Sample: 4a71267609d0b15255c19c6892a365514d122ced1ebe66df1aa795b94a125a11.exe
Resource: win7-20220310-en
Malware Config
Targets
Target: 4a71267609d0b15255c19c6892a365514d122ced1ebe66df1aa795b94a125a11
- Taurus Stealer Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger