General

  • Target

    ea3f34c247aab89606489d062b246697_JaffaCakes118

  • Size

    774KB

  • Sample

    240919-apn2zs1dnn

  • MD5

    ea3f34c247aab89606489d062b246697

  • SHA1

    48c2b2f2f8cf518793533a7b588657ccf4302df7

  • SHA256

    8d721ae4f0e9bc45b9ed943d41d59ffc522fa7ffe624a562791997924c7f51fd

  • SHA512

    34558da96f3bcf6d0b29903403ffd611362fc7bebf29b4471ba8b693318a8c3c1e4650a738e3bf00879d4674b0b889d8bd4a03e86fc0771710bf304de3098c20

  • SSDEEP

    12288:z3a+H1dtXSOngM/CF39utpqZ3qdUiPPBDoAj3kob:zq+xigD/CF39uvqNqdjPPCARb

Malware Config

Targets

    • Taurus Stealer

      Taurus is an infostealer first seen in June 2020.

    • Taurus Stealer payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses 2FA software files, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks