taurus | 0a0fb629a415802ac21e2e171a248b1d4e47eaa8ef9ee249cd60ca53c15d05bf

General

Target

0a0fb629a415802ac21e2e171a248b1d4e47eaa8ef9ee249cd60ca53c15d05bf
Size

219KB
MD5

489aebf582dbe64c3c9602ab984f4b4e
SHA1

5a4e9afab9bc144c1a2267223553b55f8b01d3f5
SHA256

0a0fb629a415802ac21e2e171a248b1d4e47eaa8ef9ee249cd60ca53c15d05bf
SHA512

7c5df4fe5c30797af1b1f89310b890e7c4377f297286b903803b81651f1ce6b8988f1e39e0e9f99ceedf07636c85ddef8b58d6f699052e9dde7bbbd6307cc0b2
SSDEEP

6144:3h8ycbEmFtrnp07wcr8U4KJkpRuTjwH66cdTSOkB:3hl10piwcr8pBRuTj7dTzkB

Score

10^/10

taurus

Malware Config

Signatures

Taurus Stealer payload 1 IoCs

Processes:

resource	yara_rule
sample	family_taurus_stealer

Taurus family
taurus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
0a0fb629a415802ac21e2e171a248b1d4e47eaa8ef9ee249cd60ca53c15d05bf

Files

0a0fb629a415802ac21e2e171a248b1d4e47eaa8ef9ee249cd60ca53c15d05bf
.exe windows x86

2671093aaf9ba4c57392775d4a49e897

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW

kernel32

HeapFree
DecodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2671093aaf9ba4c57392775d4a49e897

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 7KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 7KB

.reloc
Size: 6KB - Virtual size: 5KB