taurus | 9d394831f18846d25b678ad8ef8688b07e2fe95f202b24ace0e5a667f26c1ee5 | Triage

Sharing

General

Target

9d394831f18846d25b678ad8ef8688b07e2fe95f202b24ace0e5a667f26c1ee5
Size

1.0MB
Sample

220427-vl7edaaahp
MD5

8a7b53712f61a0902b54d35c4ef06c2a
SHA1

d25797f2629a827f606024cc51a2bddb796d4452
SHA256

9d394831f18846d25b678ad8ef8688b07e2fe95f202b24ace0e5a667f26c1ee5
SHA512

f92b60577db8ac397df39fd01481ca285bdb9b4249c3e641e8c2d71d3ea98c58ea66ab9897ea1fd1798da5c134ee50c0f3f87e38299c626577b24bd8f95308cf

Score

10^/10

taurus persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  9d394831f18846d25b678ad8ef8688b07e2fe95f202b24ace0e5a667f26c1ee5
- Size
  
  1.0MB
- MD5
  
  8a7b53712f61a0902b54d35c4ef06c2a
- SHA1
  
  d25797f2629a827f606024cc51a2bddb796d4452
- SHA256
  
  9d394831f18846d25b678ad8ef8688b07e2fe95f202b24ace0e5a667f26c1ee5
- SHA512
  
  f92b60577db8ac397df39fd01481ca285bdb9b4249c3e641e8c2d71d3ea98c58ea66ab9897ea1fd1798da5c134ee50c0f3f87e38299c626577b24bd8f95308cf
Score

10^/10

persistence taurus spyware stealer trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Taurus Stealer
  Taurus is an infostealer first seen in June 2020.
  trojan stealer taurus
- Taurus Stealer Payload
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

tauruspersistencespywarestealertrojan