Overview

overview

10

Static

static

7

bf4a76c73c...18.exe

windows7-x64

10

bf4a76c73c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf4a76c73c784edff7a499cdc5284f6a6e5d0e4ae6074097feaa5e9b086ee618

  • Size

    1.7MB

  • Sample

    221125-l2rt7ahd54

  • MD5

    a4626ce09b592d661c3a053cffbbbbbf

  • SHA1

    9210bac9eccce0b73afbeec21bce029fa873d024

  • SHA256

    bf4a76c73c784edff7a499cdc5284f6a6e5d0e4ae6074097feaa5e9b086ee618

  • SHA512

    99a0844367530a9be796c99d86fbf234dec9390b0c580b5303fd8cc9c0fd02ce7661a4f111c2652d3b3b26e6a1354bb6ef78119960066e27cc311d932975ced0

  • SSDEEP

    49152:wLMHj1x0js2+7Z285wh2BOi3LaKLWaejEA:wAHjH0FKZ22wEwi3LPaa

Score
10/10
taurusdiscoveryevasionspywarestealerthemidatrojan

Malware Config

Targets

    • Target

      bf4a76c73c784edff7a499cdc5284f6a6e5d0e4ae6074097feaa5e9b086ee618

    • Size

      1.7MB

    • MD5

      a4626ce09b592d661c3a053cffbbbbbf

    • SHA1

      9210bac9eccce0b73afbeec21bce029fa873d024

    • SHA256

      bf4a76c73c784edff7a499cdc5284f6a6e5d0e4ae6074097feaa5e9b086ee618

    • SHA512

      99a0844367530a9be796c99d86fbf234dec9390b0c580b5303fd8cc9c0fd02ce7661a4f111c2652d3b3b26e6a1354bb6ef78119960066e27cc311d932975ced0

    • SSDEEP

      49152:wLMHj1x0js2+7Z285wh2BOi3LaKLWaejEA:wAHjH0FKZ22wEwi3LPaa

    Score
    10/10
    taurusdiscoveryevasionspywarestealerthemidatrojan

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

      trojanstealertaurus

    • Taurus Stealer payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks