General

  • Target

    f41a3c909622005b1232c4efa45d81af02df3b2c909da068f53c3075e78968bf

  • Size

    193KB

  • Sample

    220329-zsrpqafdal

  • MD5

    4a1614e8dd33699676835d6e846cc6dc

  • SHA1

    f2bdd8c3361073a14570add988d6bdf6c25f577e

  • SHA256

    f41a3c909622005b1232c4efa45d81af02df3b2c909da068f53c3075e78968bf

  • SHA512

    cc7b42e0ad5bc14a2b9c43c31bd7f0f799dc14836513ad8b3a24a70f843006931fe5ed344cd5cc07f13ad4f29d1e078a2bfeaa0679d6405a5c0da958303e22a6

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
