General
-
Target
0530d87218253d7f3ddcaf0444dbcaa7b5e2e20be4c0b392e336d2646007bcf4
-
Size
3.0MB
-
Sample
220512-nxsxssdca4
-
MD5
91d00c164f45e9e6bafc44817d84be8d
-
SHA1
40ede9a7accfda3764f41682315586a95dd75e8c
-
SHA256
0530d87218253d7f3ddcaf0444dbcaa7b5e2e20be4c0b392e336d2646007bcf4
-
SHA512
166d55b050ad9d638ccfd38a41bf4e0ad057ff1b2c9485886f1a032f832e26837697c1f66a94e48d97cdb2bb4ecec70f2afba436ecc47cfc12d33e2d3aa4dc76
Static task
static1
Behavioral task
behavioral1
Sample
0530d87218253d7f3ddcaf0444dbcaa7b5e2e20be4c0b392e336d2646007bcf4.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
0530d87218253d7f3ddcaf0444dbcaa7b5e2e20be4c0b392e336d2646007bcf4
-
Size
3.0MB
-
MD5
91d00c164f45e9e6bafc44817d84be8d
-
SHA1
40ede9a7accfda3764f41682315586a95dd75e8c
-
SHA256
0530d87218253d7f3ddcaf0444dbcaa7b5e2e20be4c0b392e336d2646007bcf4
-
SHA512
166d55b050ad9d638ccfd38a41bf4e0ad057ff1b2c9485886f1a032f832e26837697c1f66a94e48d97cdb2bb4ecec70f2afba436ecc47cfc12d33e2d3aa4dc76
-
Taurus Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-