General

  • Target

    181d1c0f87b5054ec4b76881abd8bee6_JaffaCakes118

  • Size

    196KB

  • Sample

    240505-rv4s3afg83

  • MD5

    181d1c0f87b5054ec4b76881abd8bee6

  • SHA1

    fee7563206b1649ee97e97b2be5151eeed3e5b1d

  • SHA256

    95243c2b1612cc480064343f0f6445da2ec3d118f00e2115b7fd1ea68e867bec

  • SHA512

    6058e85b369cc3a3669e0c96699fbb1f55b7bc4f274e3c564fbd38937d1d3b206d8771f9bd813131aaa883371d03b437566c4d7a8688dc39649859c82088837b

  • SSDEEP

    3072:AXZxpP/LI6iwRtjG4DrcGqGI9fP7AhdLEsUXbPwUO784beW3VzrAHHZD5YgwJpeL:AXNqH4DmX9fP7AHEBb+bvxrOHqgL

Malware Config

Targets

    • Target

      181d1c0f87b5054ec4b76881abd8bee6_JaffaCakes118

    • Size

      196KB

    • MD5

      181d1c0f87b5054ec4b76881abd8bee6

    • SHA1

      fee7563206b1649ee97e97b2be5151eeed3e5b1d

    • SHA256

      95243c2b1612cc480064343f0f6445da2ec3d118f00e2115b7fd1ea68e867bec

    • SHA512

      6058e85b369cc3a3669e0c96699fbb1f55b7bc4f274e3c564fbd38937d1d3b206d8771f9bd813131aaa883371d03b437566c4d7a8688dc39649859c82088837b

    • SSDEEP

      3072:AXZxpP/LI6iwRtjG4DrcGqGI9fP7AhdLEsUXbPwUO784beW3VzrAHHZD5YgwJpeL:AXNqH4DmX9fP7AHEBb+bvxrOHqgL

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer payload

    • Deletes itself

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks