MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b9f635e4fdcd604301232cbf99882303bded31ab572e692b688f10cac5677a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TaurusStealer


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b9f635e4fdcd604301232cbf99882303bded31ab572e692b688f10cac5677a0
SHA3-384 hash: d11b49b6c03c2d6951b604633b279b0a3dd7d0db0770e2935ba219a582616bfc5f949553fca871f2ef8cab7dbfc2ca9f
SHA1 hash: b21b1c681e8258fc6ddda02121171c0dbe85a6b9
MD5 hash: 8ae3e9c831721116174321d4edb76b42
humanhash: uranus-arizona-november-video
File name:8ae3e9c831721116174321d4edb76b42.exe
Download: download sample
Signature TaurusStealer
Create hunting rule
File size:352'768 bytes
First seen:2021-04-18 14:01:45 UTC
Last seen:2021-04-18 15:08:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 683b1dbf821a6aafc4e9e892fc722419 (4 x TaurusStealer, 3 x RaccoonStealer)
ssdeep 6144:+0eD+jAL6XJSGoPaamTHQHzMcwiyp4i4HsKtd70QfBg8t0T1CzmOy:+0eDhdL46zMbtpvMTtdgQfKm5b
Threatray 54 similar samples on MalwareBazaar
TLSH 7D74CF6572D0E133C08221764215CFB18E7A7836296A598BBBC55BF85FF43E1EA213CD
Reporter abuse_ch
Tags:exe TaurusStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
138
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
8ae3e9c831721116174321d4edb76b42.exe
Verdict:
Malicious activity
Analysis date:
2021-04-18 14:03:07 UTC
Tags:
trojan taurus stealer predator
Link:
https://app.any.run/tasks/1610625a-c76f-4454-85bf-770309ab6ae4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/137754/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.25967.24028.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Containing strings that indicate a threat
Reading critical registry keys
Creating a file
Deleting a recently created file
Replacing files
Sending a UDP request
Stealing user critical data
Sending an HTTP POST request to an infection source
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Predator Taurus Stealer
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/685082
Signature
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Predator
Yara detected Taurus Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b9f635e4fdcd604301232cbf99882303bded31ab572e692b688f10cac5677a0/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bopwgxsp3tlaimasglf7tgecga555uy2wvzonevwrdyqzlcwo6qa._file
Verdict:
malicious
Similar samples:
0595ed217175111f8512486a87acdf3dbde38bb7db819dc5f22df7d1ea8aa3a2
TaurusStealer
20aa2a4abbebdb069726b69a4d9a2041599de56f167de9a64b7996433c5b33ec
TaurusStealer
2713778531071a2f5e9d1166b2e55ed95afeaaa7b839bd504c7453448f583cee
TaurusStealer
2d112aebd685269e3a26aaeca52f6f2691845fc13864c9fb7d463c5f6c032f66
TaurusStealer
45feb97cce0d34dc6c93494ba82a0b657ed513d1f9a0962b4415e0e51d05fa4e
TaurusStealer
6c5d7642a58d60f603a1931f20977219becef21e957641a250c272c3fab74b2d
TaurusStealer
a423314d33b74a166ce89ccef59bd5da0b25a6cfdc4ab59ac0fe157dad3082cd
TaurusStealer
b2e0a2a4ee3ca452cd290a72cd11f0fe2e178ca8566badd578377fa211aa59a8
TaurusStealer
b46b850653845d1f4f228cba48ef413daed75df4d130978d7a4ac00059f63e66
TaurusStealer
bc5e3b9e7638a68bbb36387281fedc1bedb12d67575b9242a47c0bf0c8f3c265
TaurusStealer
+ 44 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/210418-9epq49tlrx/
Behaviour
Accesses 2FA software files, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TaurusStealer

Executable exe 0b9f635e4fdcd604301232cbf99882303bded31ab572e692b688f10cac5677a0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1131480/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/137754/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-04-18 15:11:51 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0012.001] Anti-Static Analysis::Argument Obfuscation
1) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
2) [C0021.004] Cryptography Micro-objective::RC4 PRGA::Generate Pseudo-random Sequence
3) [C0049] File System Micro-objective::Get File Attributes
4) [C0051] File System Micro-objective::Read File
5) [C0050] File System Micro-objective::Set File Attributes
6) [C0052] File System Micro-objective::Writes File
7) [C0007] Memory Micro-objective::Allocate Memory
8) [C0033] Operating System Micro-objective::Console
9) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
10) [C0040] Process Micro-objective::Allocate Thread Local Storage
11) [C0041] Process Micro-objective::Set Thread Local Storage Value
12) [C0018] Process Micro-objective::Terminate Process