taurus | 7dbd7913c8da967e42d276dca90aaff3725ea664f72e7a2de68750b430a3cc46 | Triage

Submit
Reports

Overview

overview

Static

static

3

eb4c72c5d8...18.exe

windows7-x64

eb4c72c5d8...18.exe

windows10-2004-x64

Sharing

General

Target

eb4c72c5d82142335c230eb4991c57e5_JaffaCakes118
Size

201KB
Sample

240919-n86b9sxdjd
MD5

eb4c72c5d82142335c230eb4991c57e5
SHA1

07e29920a6c3ef51c21caa21cabf0d1dba95183c
SHA256

7dbd7913c8da967e42d276dca90aaff3725ea664f72e7a2de68750b430a3cc46
SHA512

17f38a0cc9836cb08b2c022af0bd28f6b4c5084afcd5bf46ceccc741f462854998421a9406b4d2cee4550ba2dd23baf41de2eb08b6705d74069de9b7ed35292b
SSDEEP

3072:OXhZRLDHMyddxDa1iR9KW2Z6UuH/Mh07p8v3CjiSsDzvi5/vN+bofLwnrOCe1kRL:OXVU1iRsW/lmfCjE6t+bojwnHeO

Score

10^/10

taurus credential_access discovery spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eb4c72c5d82142335c230eb4991c57e5_JaffaCakes118.exe

Resource

win7-20240903-en

taurus credential_access discovery spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb4c72c5d82142335c230eb4991c57e5_JaffaCakes118.exe

Resource

win10v2004-20240802-en

taurus credential_access discovery spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  eb4c72c5d82142335c230eb4991c57e5_JaffaCakes118
- Size
  
  201KB
- MD5
  
  eb4c72c5d82142335c230eb4991c57e5
- SHA1
  
  07e29920a6c3ef51c21caa21cabf0d1dba95183c
- SHA256
  
  7dbd7913c8da967e42d276dca90aaff3725ea664f72e7a2de68750b430a3cc46
- SHA512
  
  17f38a0cc9836cb08b2c022af0bd28f6b4c5084afcd5bf46ceccc741f462854998421a9406b4d2cee4550ba2dd23baf41de2eb08b6705d74069de9b7ed35292b
- SSDEEP
  
  3072:OXhZRLDHMyddxDa1iR9KW2Z6UuH/Mh07p8v3CjiSsDzvi5/vN+bofLwnrOCe1kRL:OXVU1iRsW/lmfCjE6t+bojwnHeO
Score

10^/10

taurus credential_access discovery spyware stealer trojan
- Taurus Stealer
  Taurus is an infostealer first seen in June 2020.
  trojan stealer taurus
- Taurus Stealer payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Deletes itself
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Browser Information Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tauruscredential_accessdiscoveryspywarestealertrojan

behavioral2

tauruscredential_accessdiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy