General

  • Target

    b1bf0502579ad6cd7d76a42be84e8bbe

  • Size

    244KB

  • Sample

    231227-qtte9sbghj

  • MD5

    b1bf0502579ad6cd7d76a42be84e8bbe

  • SHA1

    c504901b4031e117e4e6dfada6e7471dea7c36fd

  • SHA256

    c7685d2b519c5e3838daeeab473106345b4bd434e733ec8aa2b8a5b5ad8eb902

  • SHA512

    235fceba028418d02cf97aa02801d928e1d72bd5f74a4edc40d66ff824f63f5768985bcd236d5828aabeb62d524126fc1594c3e9ad44f9d193ff94392b5441c5

  • SSDEEP

    6144:9eCzgAfHUX+LEK9lTwNqTd/3Uoj131JvOzflLxof5F9BjQ:NHUX+gSHT1EobxOxFs9NQ

Malware Config

Targets

    • Target

      a1a258c9e2751e7d0906c64e27d5999ab380017639fc97d49dc1c0df3a2c3ea3

    • Size

      339KB

    • MD5

      85d26f599f100e876542f3977e8539c5

    • SHA1

      82289e92aa61b145b7c966293acfd0cb9ab9d5db

    • SHA256

      a1a258c9e2751e7d0906c64e27d5999ab380017639fc97d49dc1c0df3a2c3ea3

    • SHA512

      322cd8ab595fa5b6dbfe5ce0b720f41d18d1a4917cd43e373b62669c51b41397d8aab811f577e325d0bf54474ca5db5cd1ea1979de9ddfabd0148ad081c32f4b

    • SSDEEP

      6144:l98cADCn51AMvn52ReDSjYHXCCY+4umkxmHRjsz6:/n7AI5HQYHXCzVumGmxgz6

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks