taurus | c7685d2b519c5e3838daeeab473106345b4bd434e733ec8aa2b8a5b5ad8eb902 | Triage

Submit
Reports

Overview

overview

Static

static

1

a1a258c9e2...a3.exe

windows7-x64

a1a258c9e2...a3.exe

windows10-2004-x64

Sharing

General

Target

b1bf0502579ad6cd7d76a42be84e8bbe
Size

244KB
Sample

231227-qtte9sbghj
MD5

b1bf0502579ad6cd7d76a42be84e8bbe
SHA1

c504901b4031e117e4e6dfada6e7471dea7c36fd
SHA256

c7685d2b519c5e3838daeeab473106345b4bd434e733ec8aa2b8a5b5ad8eb902
SHA512

235fceba028418d02cf97aa02801d928e1d72bd5f74a4edc40d66ff824f63f5768985bcd236d5828aabeb62d524126fc1594c3e9ad44f9d193ff94392b5441c5
SSDEEP

6144:9eCzgAfHUX+LEK9lTwNqTd/3Uoj131JvOzflLxof5F9BjQ:NHUX+gSHT1EobxOxFs9NQ

Score

10^/10

taurus discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a1a258c9e2751e7d0906c64e27d5999ab380017639fc97d49dc1c0df3a2c3ea3.exe

Resource

win7-20231129-en

taurus discovery spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a1a258c9e2751e7d0906c64e27d5999ab380017639fc97d49dc1c0df3a2c3ea3.exe

Resource

win10v2004-20231215-en

taurus spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a1a258c9e2751e7d0906c64e27d5999ab380017639fc97d49dc1c0df3a2c3ea3
- Size
  
  339KB
- MD5
  
  85d26f599f100e876542f3977e8539c5
- SHA1
  
  82289e92aa61b145b7c966293acfd0cb9ab9d5db
- SHA256
  
  a1a258c9e2751e7d0906c64e27d5999ab380017639fc97d49dc1c0df3a2c3ea3
- SHA512
  
  322cd8ab595fa5b6dbfe5ce0b720f41d18d1a4917cd43e373b62669c51b41397d8aab811f577e325d0bf54474ca5db5cd1ea1979de9ddfabd0148ad081c32f4b
- SSDEEP
  
  6144:l98cADCn51AMvn52ReDSjYHXCCY+4umkxmHRjsz6:/n7AI5HQYHXCzVumGmxgz6
Score

10^/10

taurus discovery spyware stealer trojan
- Taurus Stealer
  Taurus is an infostealer first seen in June 2020.
  trojan stealer taurus
- Taurus Stealer payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

taurusdiscoveryspywarestealertrojan

behavioral2

taurusspywarestealertrojan

© 2018-2024

Terms | Privacy