taurus | 4734f6cd792df420b26a864fd71085393511fb4c6b0dd2017ebb3fd3897ec638

Analysis

max time kernel
171s
max time network
200s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-01-2023 17:34

Target

4734f6cd792df420b26a864fd71085393511fb4c6b0dd2017ebb3fd3897ec638.exe
Size

582KB
MD5

28a732a1d13cae5e3a500bd4c5f9c8e8
SHA1

4ea2adab7eaedffc9e9ccc5ef49185fa55588652
SHA256

4734f6cd792df420b26a864fd71085393511fb4c6b0dd2017ebb3fd3897ec638
SHA512

8559eda66ccdab68676217e8467f554a0704ce62bd258c3acee9683de96d21fcd181a2ecbbaac5e26d224c908b6f9ce92bbdcb1e495e332c86a890f7e86a40ce
SSDEEP

6144:F/cVnKFOhm+1B+lWEOZAoFPz0OhRtLbTqY3SaJg0Hfr5FbuZ6ViHJO:F8kqXZAoFQYRtn2YiaJt/r5FbnVeO

Score

10^/10

Taurus Stealer
Taurus is an infostealer first seen in June 2020.
trojan stealer taurus

Taurus Stealer payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2024-57-0x0000000000400000-0x0000000000493000-memory.dmp	family_taurus_stealer
behavioral1/memory/2024-58-0x0000000000400000-0x0000000000493000-memory.dmp	family_taurus_stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses 2FA software files, possible credential harvesting 2 TTPs
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\4734f6cd792df420b26a864fd71085393511fb4c6b0dd2017ebb3fd3897ec638.exe
"C:\Users\Admin\AppData\Local\Temp\4734f6cd792df420b26a864fd71085393511fb4c6b0dd2017ebb3fd3897ec638.exe"
1⤵
PID:2024

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2024-54-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download
memory/2024-55-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download
memory/2024-56-0x0000000000230000-0x00000000002AA000-memory.dmp

Filesize
488KB

Download
memory/2024-57-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download
memory/2024-58-0x0000000000400000-0x0000000000493000-memory.dmp

Filesize
588KB

Download
memory/2024-59-0x0000000000230000-0x00000000002AA000-memory.dmp

Filesize
488KB

Download