Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
08-07-2022 15:11
General
-
Target
d6ee014eaa4e26e6231863b69d57689fc69ae3ed5429a01d8e2ab2342847b395.exe
-
Size
454KB
-
MD5
d5527daf91cb7cd9d0498626fb2f58b8
-
SHA1
4f86d8c1b8debd96842a09343bea0fe53d7b20d0
-
SHA256
d6ee014eaa4e26e6231863b69d57689fc69ae3ed5429a01d8e2ab2342847b395
-
SHA512
716e61f70c4b80292ccbd0efbe2f6fb353118251bed3fb5840c8181c5ced10feab9ac3097d75f30763be49e76bf46acdd0980389b91a59b6258185cff1f3b366
Score
10/10
Malware Config
Signatures
-
Taurus Stealer
Taurus is an infostealer first seen in June 2020.
-
Taurus Stealer payload 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes
-
C:\Users\Admin\AppData\Local\Temp\d6ee014eaa4e26e6231863b69d57689fc69ae3ed5429a01d8e2ab2342847b395.exe"C:\Users\Admin\AppData\Local\Temp\d6ee014eaa4e26e6231863b69d57689fc69ae3ed5429a01d8e2ab2342847b395.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1660-54-0x00000000753C1000-0x00000000753C3000-memory.dmpFilesize
8KB
-
memory/1660-55-0x00000000002A0000-0x000000000030F000-memory.dmpFilesize
444KB
-
memory/1660-56-0x0000000000400000-0x0000000000475000-memory.dmpFilesize
468KB
-
memory/1660-57-0x00000000002A0000-0x000000000030F000-memory.dmpFilesize
444KB