Overview

overview

10

Static

static

1

a1a258c9e2...a3.exe

windows7-x64

10

a1a258c9e2...a3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b1bf0502579ad6cd7d76a42be84e8bbe

  • Size

    244KB

  • Sample

    240304-k397gsff44

  • MD5

    b1bf0502579ad6cd7d76a42be84e8bbe

  • SHA1

    c504901b4031e117e4e6dfada6e7471dea7c36fd

  • SHA256

    c7685d2b519c5e3838daeeab473106345b4bd434e733ec8aa2b8a5b5ad8eb902

  • SHA512

    235fceba028418d02cf97aa02801d928e1d72bd5f74a4edc40d66ff824f63f5768985bcd236d5828aabeb62d524126fc1594c3e9ad44f9d193ff94392b5441c5

  • SSDEEP

    6144:9eCzgAfHUX+LEK9lTwNqTd/3Uoj131JvOzflLxof5F9BjQ:NHUX+gSHT1EobxOxFs9NQ

Score
10/10
taurusdiscoveryspywarestealertrojan

Malware Config

Targets

    • Target

      a1a258c9e2751e7d0906c64e27d5999ab380017639fc97d49dc1c0df3a2c3ea3

    • Size

      339KB

    • MD5

      85d26f599f100e876542f3977e8539c5

    • SHA1

      82289e92aa61b145b7c966293acfd0cb9ab9d5db

    • SHA256

      a1a258c9e2751e7d0906c64e27d5999ab380017639fc97d49dc1c0df3a2c3ea3

    • SHA512

      322cd8ab595fa5b6dbfe5ce0b720f41d18d1a4917cd43e373b62669c51b41397d8aab811f577e325d0bf54474ca5db5cd1ea1979de9ddfabd0148ad081c32f4b

    • SSDEEP

      6144:l98cADCn51AMvn52ReDSjYHXCCY+4umkxmHRjsz6:/n7AI5HQYHXCzVumGmxgz6

    Score
    10/10
    taurusdiscoveryspywarestealertrojan

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

      trojanstealertaurus

    • Taurus Stealer payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks