General

  • Target

    5cdf699d4fb6bbef93b520dfd5bce19a3178feb05ab4db0503abc98173805e98

  • Size

    414KB

  • Sample

    220330-bqq4eaeaf6

  • MD5

    efd1e0a21b3b9d89fb9d88c3ff382835

  • SHA1

    070bbf19a991a283a18479eec1b38a33809d528e

  • SHA256

    5cdf699d4fb6bbef93b520dfd5bce19a3178feb05ab4db0503abc98173805e98

  • SHA512

    54c43a036878494d4fbf1d52f4f04d1f5133151ec5bed21b0a7c2755052c03fbb8908de3bcf0b5b3446c60c56a3b0352b6a20f405848741d3b038bfd48739b83

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
