General

  • Target

    e0a2cb336eb4ac91b1a7063197141dad_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240914-vmgv4svhra

  • MD5

    e0a2cb336eb4ac91b1a7063197141dad

  • SHA1

    f342999fef91b90c1e12cf036b86e1a6ed0c04fe

  • SHA256

    52d0fdb41312a46d599e5d9bd68659e657003ca80967e18e7a11e2757af52bb3

  • SHA512

    0f81bf6b4abf2f6f074273ee23cb7aecce158615a85ee9e56ca12296b1052251e464af30a5f8c332d66d4860d135e90daca6b0a2edbba0ac5a55e0a1e4796093

  • SSDEEP

    12288:3Gw80d8HVJJVfqWq/iXt5XeK9POudm5+R6rIhqkIHq0dp4ZDTsnDqaSftffBWkro:3Gw80d8LXqu5XeqPOEjLdTIuthA

Malware Config

Targets

    • Target

      e0a2cb336eb4ac91b1a7063197141dad_JaffaCakes118

    • Size

      1.0MB

    • MD5

      e0a2cb336eb4ac91b1a7063197141dad

    • SHA1

      f342999fef91b90c1e12cf036b86e1a6ed0c04fe

    • SHA256

      52d0fdb41312a46d599e5d9bd68659e657003ca80967e18e7a11e2757af52bb3

    • SHA512

      0f81bf6b4abf2f6f074273ee23cb7aecce158615a85ee9e56ca12296b1052251e464af30a5f8c332d66d4860d135e90daca6b0a2edbba0ac5a55e0a1e4796093

    • SSDEEP

      12288:3Gw80d8HVJJVfqWq/iXt5XeK9POudm5+R6rIhqkIHq0dp4ZDTsnDqaSftffBWkro:3Gw80d8LXqu5XeqPOEjLdTIuthA

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Accesses 2FA software files, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks