General
-
Target
bf4a76c73c784edff7a499cdc5284f6a6e5d0e4ae6074097feaa5e9b086ee618
-
Size
1.7MB
-
Sample
221125-l2rt7ahd54
-
MD5
a4626ce09b592d661c3a053cffbbbbbf
-
SHA1
9210bac9eccce0b73afbeec21bce029fa873d024
-
SHA256
bf4a76c73c784edff7a499cdc5284f6a6e5d0e4ae6074097feaa5e9b086ee618
-
SHA512
99a0844367530a9be796c99d86fbf234dec9390b0c580b5303fd8cc9c0fd02ce7661a4f111c2652d3b3b26e6a1354bb6ef78119960066e27cc311d932975ced0
-
SSDEEP
49152:wLMHj1x0js2+7Z285wh2BOi3LaKLWaejEA:wAHjH0FKZ22wEwi3LPaa
Malware Config
Targets
-
-
Target
bf4a76c73c784edff7a499cdc5284f6a6e5d0e4ae6074097feaa5e9b086ee618
-
Size
1.7MB
-
MD5
a4626ce09b592d661c3a053cffbbbbbf
-
SHA1
9210bac9eccce0b73afbeec21bce029fa873d024
-
SHA256
bf4a76c73c784edff7a499cdc5284f6a6e5d0e4ae6074097feaa5e9b086ee618
-
SHA512
99a0844367530a9be796c99d86fbf234dec9390b0c580b5303fd8cc9c0fd02ce7661a4f111c2652d3b3b26e6a1354bb6ef78119960066e27cc311d932975ced0
-
SSDEEP
49152:wLMHj1x0js2+7Z285wh2BOi3LaKLWaejEA:wAHjH0FKZ22wEwi3LPaa
Score10/10-
Taurus Stealer
Taurus is an infostealer first seen in June 2020.
-
Taurus Stealer payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-