MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4245088e2600188006929bc88f455b57e849ef1748c0bda3e9bd3c4dd23ae017. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TaurusStealer


Vendor detections: 4



SHA256 hash: 4245088e2600188006929bc88f455b57e849ef1748c0bda3e9bd3c4dd23ae017
SHA3-384 hash: 090bed5f68a20bc58ff9d9384a5e9176ae9949122705028aec45e4f0abe08f7157624f5bf3dab2b1389ea7c8f6dd8585
SHA1 hash: 0f79bd426cfdbec95a7e0e80abcc315308aa7482
MD5 hash: 04a983eb92baac0796e521b69b784d34
humanhash: enemy-alabama-south-edward
File name: Predator Stealer
Signature: TaurusStealer
File size: 345'600 bytes
First seen: 2020-06-26 10:55:45 UTC
Last seen: 2020-06-26 11:34:30 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: d1806f06cfd7d457d67a0e9018af83d7 (1 x TaurusStealer)
ssdeep: 6144:aPDbZMKXbZm3VS4vzjTHQ7/eybn6ASv4Yn4uMD4tiIFkh:i/atIfL6AHluMD4XFkh
Threatray: 10 similar samples on MalwareBazaar
TLSH: 32744A326F414431E3130132E8649AA445686D240D2189B3B7FA7D1AF6E7CBEDD13FAB
Reporter: JAMESWT_WT
Tags: Predator TaurusStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 206
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Containing strings that indicate a threat
Sending an HTTP POST request
Creating a window
Reading critical registry keys
Reading Telegram data
Stealing user critical data

Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2020-06-26 10:55:26 UTC
File Type: PE (Exe)
Extracted files: 10
AV detection: 27 of 42 (64.29%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: spyware discovery
Behaviour:
Checks for installed software on the system
Reads user/profile data of web browsers

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments