General
-
Target
ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0
-
Size
4.8MB
-
Sample
221130-xvk9lsfh46
-
MD5
9578320a570a9418287a43973257e90f
-
SHA1
52f78edd0760a78553057aac1c773ac995f71071
-
SHA256
ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0
-
SHA512
5c9a7e3aaf464c92444cc356872980f631c2c43edab97b405c720d97f1120720fad47b5401395755488c6cfae16c60697ff615da8c95d7fba2b89dfd94541442
-
SSDEEP
98304:Hrsj7jgiqLTLBerVAqqBPTec3lHdfVX0erUM5s/:L6ja3BKAjNvVEer
Behavioral task
behavioral1
Sample
ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0
-
Size
4.8MB
-
MD5
9578320a570a9418287a43973257e90f
-
SHA1
52f78edd0760a78553057aac1c773ac995f71071
-
SHA256
ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0
-
SHA512
5c9a7e3aaf464c92444cc356872980f631c2c43edab97b405c720d97f1120720fad47b5401395755488c6cfae16c60697ff615da8c95d7fba2b89dfd94541442
-
SSDEEP
98304:Hrsj7jgiqLTLBerVAqqBPTec3lHdfVX0erUM5s/:L6ja3BKAjNvVEer
-
Taurus Stealer payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-