General

  • Target

    367780b9c350067200f349b0da08ad41

  • Size

    310KB

  • Sample

    231225-xqfhkagbgl

  • MD5

    367780b9c350067200f349b0da08ad41

  • SHA1

    dfd6dd1bd692cbfae3afb1f6085a560217eab9f8

  • SHA256

    af04d41e25c6ebce96a0983d5fcabb177294f6fb8442270d6fafc20cab982ab6

  • SHA512

    8a81b1547aaca62873ce7a88dde8b9468025a739edbe4e93b2d6ed770249f9115f02b1601a1d89a4ff2387b9b2d44a0cc73c9f68e29166e5710abf6f55d8e25c

  • SSDEEP

    6144:KFhoEZXPz+kfuomLr13loG44Jz867+aYl7k2TjvYaj/9GJI:KFh7PkBmG4Yz87aYl7kajP/9GJI

Malware Config

Targets

    • Target

      367780b9c350067200f349b0da08ad41

    • Size

      310KB

    • MD5

      367780b9c350067200f349b0da08ad41

    • SHA1

      dfd6dd1bd692cbfae3afb1f6085a560217eab9f8

    • SHA256

      af04d41e25c6ebce96a0983d5fcabb177294f6fb8442270d6fafc20cab982ab6

    • SHA512

      8a81b1547aaca62873ce7a88dde8b9468025a739edbe4e93b2d6ed770249f9115f02b1601a1d89a4ff2387b9b2d44a0cc73c9f68e29166e5710abf6f55d8e25c

    • SSDEEP

      6144:KFhoEZXPz+kfuomLr13loG44Jz867+aYl7k2TjvYaj/9GJI:KFh7PkBmG4Yz87aYl7kajP/9GJI

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks