taurus | ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0

General

Target

9578320a570a9418287a43973257e90f_JaffaCakes118
Size

4.8MB
Sample

240814-k7x3qayfpq
MD5

9578320a570a9418287a43973257e90f
SHA1

52f78edd0760a78553057aac1c773ac995f71071
SHA256

ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0
SHA512

5c9a7e3aaf464c92444cc356872980f631c2c43edab97b405c720d97f1120720fad47b5401395755488c6cfae16c60697ff615da8c95d7fba2b89dfd94541442
SSDEEP

98304:Hrsj7jgiqLTLBerVAqqBPTec3lHdfVX0erUM5s/:L6ja3BKAjNvVEer

Score

10^/10

Malware Config

Targets

- Target
  
  9578320a570a9418287a43973257e90f_JaffaCakes118
- Size
  
  4.8MB
- MD5
  
  9578320a570a9418287a43973257e90f
- SHA1
  
  52f78edd0760a78553057aac1c773ac995f71071
- SHA256
  
  ef63f7d8705ef291353ebbaf3d7661ef8f28cdc3d7cbded767af7b24dfde44f0
- SHA512
  
  5c9a7e3aaf464c92444cc356872980f631c2c43edab97b405c720d97f1120720fad47b5401395755488c6cfae16c60697ff615da8c95d7fba2b89dfd94541442
- SSDEEP
  
  98304:Hrsj7jgiqLTLBerVAqqBPTec3lHdfVX0erUM5s/:L6ja3BKAjNvVEer
Score

10^/10

taurus credential_access discovery evasion spyware stealer themida trojan vmprotect
- Taurus Stealer
  Taurus is an infostealer first seen in June 2020.
  trojan stealer taurus
- Taurus Stealer payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2