General

  • Target

    cd74289a98686d42fec83b4d8fd46cd1f814b2f496781e0f3a6c8e966cfc4488

  • Size

    389KB

  • Sample

    220330-bnx4yaead3

  • MD5

    a0f5953559b4a9fc2584a2a76788a60e

  • SHA1

    628b085fb3bc1fe79c6e84a54fb79a4b10f48e1a

  • SHA256

    cd74289a98686d42fec83b4d8fd46cd1f814b2f496781e0f3a6c8e966cfc4488

  • SHA512

    e26c1e1b400d95474ef70425d96235d626c5495db569decf7bb5123098c1d36f32344faed5dcb51ff85872ee6efd6ba1554842afc3c9bda520dd47223cf30e21

Malware Config

Targets

    • Target

      cd74289a98686d42fec83b4d8fd46cd1f814b2f496781e0f3a6c8e966cfc4488

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
