General

  • Target

    d8e4984ab055e226b86353696dfe8f21df4511dbaea2a093e8c21680306181b7

  • Size

    414KB

  • Sample

    220330-bnsjfsaagk

  • MD5

    69478e1c6084d433453988c4d75e301a

  • SHA1

    ae44c80bdcba88d5d6a9bccba9d4d782999b1c19

  • SHA256

    d8e4984ab055e226b86353696dfe8f21df4511dbaea2a093e8c21680306181b7

  • SHA512

    621d52211fd9e85fa26a1c6cc259c12f10ae6c6454fc8bfeb030f7e09b0b03abd5ef68d04a0f0afa6390c451399bc99561ece1447a9de7a22947d6668fb1328c

Targets

    • Target

      d8e4984ab055e226b86353696dfe8f21df4511dbaea2a093e8c21680306181b7

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
