Analysis
-
max time kernel
45s -
max time network
50s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20-04-2022 13:51
General
-
Target
46af026f8b54d3857caf15c88286c3e3f202e67517cb4e927f9985bc018fc2bb.exe
-
Size
488KB
-
MD5
7978376aae6002b7f518acabd27fa797
-
SHA1
06551640b2f681b89b81c0cb0031b7ab8457d46b
-
SHA256
46af026f8b54d3857caf15c88286c3e3f202e67517cb4e927f9985bc018fc2bb
-
SHA512
c4a0cb4fd1ba741e72f673d9efa103b220b6db68f136e5355cdaafea179b5f5654e092ae129cd1d584fbd725823f35e0812dd1bb67ea34270056030dfb774969
Score
10/10
Malware Config
Signatures
-
Taurus Stealer
Taurus is an infostealer first seen in June 2020.
-
Taurus Stealer Payload 2 IoCs
-
Deletes itself 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Delays execution with timeout.exe 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\46af026f8b54d3857caf15c88286c3e3f202e67517cb4e927f9985bc018fc2bb.exe"C:\Users\Admin\AppData\Local\Temp\46af026f8b54d3857caf15c88286c3e3f202e67517cb4e927f9985bc018fc2bb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe/c timeout /t 3 & del /f /q C:\Users\Admin\AppData\Local\Temp\46af026f8b54d3857caf15c88286c3e3f202e67517cb4e927f9985bc018fc2bb.exe2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\timeout.exetimeout /t 33⤵
- Delays execution with timeout.exe
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
132KB
-
Filesize
216KB
-
Filesize
31.2MB