General

  • Target

    42d5c8c21c595230a1b3f5555cda9acfdd04ff0c8819468ebb5a7d5763887d20

  • Size

    869KB

  • Sample

    230129-ybgmrace41

  • MD5

    727be7b61ca42c59142a37ea2a05bfb2

  • SHA1

    efdbcb00185dd49538473dd3ceae33b9bd6d618a

  • SHA256

    42d5c8c21c595230a1b3f5555cda9acfdd04ff0c8819468ebb5a7d5763887d20

  • SHA512

    a45a73892522bf3050f072baf973ec55da4b7b7ed2ac3b1832e54a96caf107c7410d6d006a5528034981adf3922e8273c60af2ed3e441891d8263dbdae52c0cb

  • SSDEEP

    12288:DNbrMUF8Gxf2l9iGv+nhoVMYB82OncXmONbrMUF8Gxf:xhmCgiGv+nhW82OnUhmC

Malware Config

Targets

    • Target

      42d5c8c21c595230a1b3f5555cda9acfdd04ff0c8819468ebb5a7d5763887d20

    • Size

      869KB

    • MD5

      727be7b61ca42c59142a37ea2a05bfb2

    • SHA1

      efdbcb00185dd49538473dd3ceae33b9bd6d618a

    • SHA256

      42d5c8c21c595230a1b3f5555cda9acfdd04ff0c8819468ebb5a7d5763887d20

    • SHA512

      a45a73892522bf3050f072baf973ec55da4b7b7ed2ac3b1832e54a96caf107c7410d6d006a5528034981adf3922e8273c60af2ed3e441891d8263dbdae52c0cb

    • SSDEEP

      12288:DNbrMUF8Gxf2l9iGv+nhoVMYB82OncXmONbrMUF8Gxf:xhmCgiGv+nhW82OnUhmC

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer payload

    • Accesses 2FA software files, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks