Overview

overview

10

Static

static

7

ad40eb035e...84.exe

windows7_x64

10

ad40eb035e...84.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad40eb035ec2cceddb5c9876fd4d4af285194d86ebf052c9629b38cb27800384

  • Size

    2.3MB

  • Sample

    220708-wbdvracfhj

  • MD5

    f259fb1b132c9b2cb699a6f2ae2bc324

  • SHA1

    21039286b53ba1218ce9a9679daf4177c226820f

  • SHA256

    ad40eb035ec2cceddb5c9876fd4d4af285194d86ebf052c9629b38cb27800384

  • SHA512

    97ba48df6224c87c34c66508f61e47531256a908cec2b535f80c18db71694b37e5943381b0fb8ccc3171279b038901e75f79d5e3f8800ce0d9a8050931497ff4

Score
10/10
taurusdiscoveryevasionspywarestealerthemidatrojan

Malware Config

Targets

    • Target

      ad40eb035ec2cceddb5c9876fd4d4af285194d86ebf052c9629b38cb27800384

    • Size

      2.3MB

    • MD5

      f259fb1b132c9b2cb699a6f2ae2bc324

    • SHA1

      21039286b53ba1218ce9a9679daf4177c226820f

    • SHA256

      ad40eb035ec2cceddb5c9876fd4d4af285194d86ebf052c9629b38cb27800384

    • SHA512

      97ba48df6224c87c34c66508f61e47531256a908cec2b535f80c18db71694b37e5943381b0fb8ccc3171279b038901e75f79d5e3f8800ce0d9a8050931497ff4

    Score
    10/10
    taurusdiscoveryevasionspywarestealerthemidatrojan

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

      trojanstealertaurus

    • Taurus Stealer payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks