General
-
Target
KMSpico.exe
-
Size
4.5MB
-
Sample
230517-se7epafd94
-
MD5
d8d65c1beee8b951d1c798a4f5f6aa9f
-
SHA1
c6527763cd63bc01cf097f9f3670f0d2c1a3c54d
-
SHA256
6d2d0496dc172b3ae5dc0049c22b8541064ac04faff3140018ba6abc760026ad
-
SHA512
a81156a9021d81b735bd3e9324f57709390a8c87ef521d849f4c8a310f61229659fdc061fa3a06d4cd1e1f67832decf7d120fc4e5d2bd8a192ddc79f14f49a57
-
SSDEEP
98304:Hb9ajThszeFZURxHuuUksk0NOs1aCKkJLFxmU7w5CCDzlU22iMDd5lyOVT:HZ2uzw6xOZrxQCK2ic8CCDzl52iMjlyM
Malware Config
Targets
-
-
Target
KMSpico.exe
-
Size
4.5MB
-
MD5
d8d65c1beee8b951d1c798a4f5f6aa9f
-
SHA1
c6527763cd63bc01cf097f9f3670f0d2c1a3c54d
-
SHA256
6d2d0496dc172b3ae5dc0049c22b8541064ac04faff3140018ba6abc760026ad
-
SHA512
a81156a9021d81b735bd3e9324f57709390a8c87ef521d849f4c8a310f61229659fdc061fa3a06d4cd1e1f67832decf7d120fc4e5d2bd8a192ddc79f14f49a57
-
SSDEEP
98304:Hb9ajThszeFZURxHuuUksk0NOs1aCKkJLFxmU7w5CCDzlU22iMDd5lyOVT:HZ2uzw6xOZrxQCK2ic8CCDzl52iMjlyM
Score10/10-
Taurus Stealer
Taurus is an infostealer first seen in June 2020.
-
Taurus Stealer payload
-
Creates new service(s)
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-