General

  • Target

    c1b0a127dd1f69399a03c8653776df9c

  • Size

    235KB

  • Sample

    240311-1pz3cshd88

  • MD5

    c1b0a127dd1f69399a03c8653776df9c

  • SHA1

    c66ab86b8bff31d74f077ec989887ba0aa186763

  • SHA256

    f20ff51110a2afc08e58fbfbb856043bc4a1510a95b46ccbf3770f7f8344214a

  • SHA512

    42583ed265820fd6c272e4513972314c4db0c401d939d932528320cfc78ceabccfb17b314a77657dcadf53843ce5316aa7f6a88f1700a0797b2caf45c1d4e93b

  • SSDEEP

    6144:QRSe86YHbe3UuWmX8DVNC8zzt6+KXDJ1DKmB87vN2U5TUjr:UfuuNsDfxatTB870Njr

Malware Config

Targets

    • Target

      c1b0a127dd1f69399a03c8653776df9c

    • Size

      235KB

    • MD5

      c1b0a127dd1f69399a03c8653776df9c

    • SHA1

      c66ab86b8bff31d74f077ec989887ba0aa186763

    • SHA256

      f20ff51110a2afc08e58fbfbb856043bc4a1510a95b46ccbf3770f7f8344214a

    • SHA512

      42583ed265820fd6c272e4513972314c4db0c401d939d932528320cfc78ceabccfb17b314a77657dcadf53843ce5316aa7f6a88f1700a0797b2caf45c1d4e93b

    • SSDEEP

      6144:QRSe86YHbe3UuWmX8DVNC8zzt6+KXDJ1DKmB87vN2U5TUjr:UfuuNsDfxatTB870Njr

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer payload

    • Deletes itself

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks