General

  • Target

    0f1d580624cc7159b639bb65686efbba

  • Size

    932KB

  • Sample

    231225-jdxz7aeaf7

  • MD5

    0f1d580624cc7159b639bb65686efbba

  • SHA1

    53415dcbf70f15094af36a3694579b8027019310

  • SHA256

    0e362e064fca6127dff2f0b52d55343494ed661e54aafad7ee923545974ec2e1

  • SHA512

    01f349e40fb7e8ca9ef874cfdb48c776f17760618dbbc37d756e4e9dbb446d55e0fbad5c8848fa5845341a916b3f4ad0f30be9197505a80ea35b7afdc7de98f7

  • SSDEEP

    12288:TfMa+NXT+Nl+NeE+N3E+NB9E+NIE+N6+Nh+N/+Nh+NQ+NE+NX+Nv+Ny+NX+NZ+NL:4VWrh3LXkuE67Ee8/RjP4T

Malware Config

Targets

    • Target

      0f1d580624cc7159b639bb65686efbba

    • Size

      932KB

    • MD5

      0f1d580624cc7159b639bb65686efbba

    • SHA1

      53415dcbf70f15094af36a3694579b8027019310

    • SHA256

      0e362e064fca6127dff2f0b52d55343494ed661e54aafad7ee923545974ec2e1

    • SHA512

      01f349e40fb7e8ca9ef874cfdb48c776f17760618dbbc37d756e4e9dbb446d55e0fbad5c8848fa5845341a916b3f4ad0f30be9197505a80ea35b7afdc7de98f7

    • SSDEEP

      12288:TfMa+NXT+Nl+NeE+N3E+NB9E+NIE+N6+Nh+N/+Nh+NQ+NE+NX+Nv+Ny+NX+NZ+NL:4VWrh3LXkuE67Ee8/RjP4T

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks