Analysis
-
max time kernel
96s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-05-2022 15:51
General
-
Target
bcc1140c693034f8d9683d4cb0943b72566985b89c4f080c4f953317a9f79673.exe
-
Size
324KB
-
MD5
8518c709d0e64df3e63585cfcd33babf
-
SHA1
dc16e4941ce319e715ccc2f2d24289288f8f1596
-
SHA256
bcc1140c693034f8d9683d4cb0943b72566985b89c4f080c4f953317a9f79673
-
SHA512
26d8ce100a421a1b644db72025a7b974d2e22d775200e213a4ed28892e2c968d704f07df343316850c5d358720b25583733b2c72e8b2bef5e84c303944bbe34a
Score
10/10
Malware Config
Signatures
-
Taurus Stealer
Taurus is an infostealer first seen in June 2020.
-
Taurus Stealer Payload 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Delays execution with timeout.exe 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bcc1140c693034f8d9683d4cb0943b72566985b89c4f080c4f953317a9f79673.exe"C:\Users\Admin\AppData\Local\Temp\bcc1140c693034f8d9683d4cb0943b72566985b89c4f080c4f953317a9f79673.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe/c timeout /t 3 & del /f /q C:\Users\Admin\AppData\Local\Temp\bcc1140c693034f8d9683d4cb0943b72566985b89c4f080c4f953317a9f79673.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\timeout.exetimeout /t 33⤵
- Delays execution with timeout.exe
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
220KB