General
- Target: c1c071e02b712cd4e8a8e010a7b6e77a31c542221a6b9510df6b792b8a15eb40
- Size: 8.0MB
- Sample: 220328-wl3lvschg7
- MD5: d8e6da9dd193f39f4a18b9df2e8bc7ab
- SHA1: c95a73005b7b5722a593ac50bae91f198572d0ad
- SHA256: c1c071e02b712cd4e8a8e010a7b6e77a31c542221a6b9510df6b792b8a15eb40
- SHA512: 122be791aade804d0d91c030abe282773667d46cd1f256364c2a13008c64ed1f1f823691ccc0e0b824c55ba0e00c4350d015e354a41a17c0be7a69fcd3300c8f
Static task: static1
Behavioral task: behavioral1
- Sample: c1c071e02b712cd4e8a8e010a7b6e77a31c542221a6b9510df6b792b8a15eb40.exe
- Resource: win7-20220311-en
Malware Config
Targets
- Target: c1c071e02b712cd4e8a8e010a7b6e77a31c542221a6b9510df6b792b8a15eb40
- Size: 8.0MB
- MD5: d8e6da9dd193f39f4a18b9df2e8bc7ab
- SHA1: c95a73005b7b5722a593ac50bae91f198572d0ad
- SHA256: c1c071e02b712cd4e8a8e010a7b6e77a31c542221a6b9510df6b792b8a15eb40
- SHA512: 122be791aade804d0d91c030abe282773667d46cd1f256364c2a13008c64ed1f1f823691ccc0e0b824c55ba0e00c4350d015e354a41a17c0be7a69fcd3300c8f
- Taurus Stealer Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger