General
-
Target
ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0
-
Size
4.8MB
-
Sample
221130-xvk9lsfh46
-
MD5
9578320a570a9418287a43973257e90f
-
SHA1
52f78edd0760a78553057aac1c773ac995f71071
-
SHA256
ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0
-
SHA512
5c9a7e3aaf464c92444cc356872980f631c2c43edab97b405c720d97f1120720fad47b5401395755488c6cfae16c60697ff615da8c95d7fba2b89dfd94541442
-
SSDEEP
98304:Hrsj7jgiqLTLBerVAqqBPTec3lHdfVX0erUM5s/:L6ja3BKAjNvVEer
Malware Config
Targets
-
-
Target
ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0
-
Size
4.8MB
-
MD5
9578320a570a9418287a43973257e90f
-
SHA1
52f78edd0760a78553057aac1c773ac995f71071
-
SHA256
ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0
-
SHA512
5c9a7e3aaf464c92444cc356872980f631c2c43edab97b405c720d97f1120720fad47b5401395755488c6cfae16c60697ff615da8c95d7fba2b89dfd94541442
-
SSDEEP
98304:Hrsj7jgiqLTLBerVAqqBPTec3lHdfVX0erUM5s/:L6ja3BKAjNvVEer
Score10/10-
Taurus Stealer
Taurus is an infostealer first seen in June 2020.
-
Taurus Stealer payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-