Analysis
-
max time kernel
151s -
max time network
177s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
29-01-2023 19:52
Static task
static1
Behavioral task
behavioral1
Sample
b797a47861749b5269ac8853742b0ef7ee5739cc450480c82bafaaa270ed87b7.exe
Resource
win7-20220812-en
General
-
Target
b797a47861749b5269ac8853742b0ef7ee5739cc450480c82bafaaa270ed87b7.exe
-
Size
351KB
-
MD5
08566cf6af0080cc7d2fab254ccb7d8e
-
SHA1
3d094a64d250c1c67caadc1930d800973ddd8237
-
SHA256
b797a47861749b5269ac8853742b0ef7ee5739cc450480c82bafaaa270ed87b7
-
SHA512
e2791a497603738e0180a0be593ab28b3a89e340fe16baf71077184999b5eef2b6b5b7155072e82ae5035f7c2e668f881133d26a91a287129f05cc9373050244
-
SSDEEP
6144:gCDHU44quM5Vqrq1MtCZx1YfV+n0J0q5q+m2tEaELUTBk8IxWBvO4IwymeAl/:g344jgUrOMtyzSVHfI+vybHBxWlOTwsI
Malware Config
Signatures
-
Taurus Stealer payload 2 IoCs
Processes:
resource yara_rule behavioral1/memory/1092-57-0x00000000002A0000-0x00000000002D8000-memory.dmp family_taurus_stealer behavioral1/memory/1092-58-0x0000000000400000-0x0000000002AF9000-memory.dmp family_taurus_stealer -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.