General

  • Target

    b49a216e03a62392dc1243d0f093c7ff_JaffaCakes118

  • Size

    396KB

  • Sample

    240404-k9953abc3t

  • MD5

    b49a216e03a62392dc1243d0f093c7ff

  • SHA1

    f42c94b9fba18c0cb9184c86584dc2745cd6ad02

  • SHA256

    5aae3d166c68743d2868bcd732fa61c2491ddcbe64e6a05f078b48f920cc2be5

  • SHA512

    d203184efa3cf1af1ae24ec78ba6ab3c8e1e101184be9dd9414b3fa2b0c9d3a91b26bf86450d48b4b694dfe99229afbf9d6ee9175d6030c0f2f11ae6fb606d72

  • SSDEEP

    6144:Et7yGXk+IlGThqs2YmTXTIbAsBJBM+CQjbTpalJj5gXep0nhCsZ:E0mk+1Q4ATIZBJCsMjNpT+

Malware Config

Targets

    • Target

      b49a216e03a62392dc1243d0f093c7ff_JaffaCakes118

    • Size

      396KB

    • MD5

      b49a216e03a62392dc1243d0f093c7ff

    • SHA1

      f42c94b9fba18c0cb9184c86584dc2745cd6ad02

    • SHA256

      5aae3d166c68743d2868bcd732fa61c2491ddcbe64e6a05f078b48f920cc2be5

    • SHA512

      d203184efa3cf1af1ae24ec78ba6ab3c8e1e101184be9dd9414b3fa2b0c9d3a91b26bf86450d48b4b694dfe99229afbf9d6ee9175d6030c0f2f11ae6fb606d72

    • SSDEEP

      6144:Et7yGXk+IlGThqs2YmTXTIbAsBJBM+CQjbTpalJj5gXep0nhCsZ:E0mk+1Q4ATIZBJCsMjNpT+

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer payload

    • Deletes itself

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks