MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68f9243f40945d2c3f15bed2d106401737caa94a26716af3d5918b3c0f760e8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TaurusStealer


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 68f9243f40945d2c3f15bed2d106401737caa94a26716af3d5918b3c0f760e8b
SHA3-384 hash: 1fe1ada0f250da88b64cdbeb327cff1e79f330604c0ace8b105d01ed233a4e7af4736aed71abe8c194ec677613f35049
SHA1 hash: 5a405823e2516a40e62e83dd4010a012590a6403
MD5 hash: 8f96aa45f0dc7b30f4b15739e0679b7a
humanhash: dakota-single-spaghetti-avocado
File name:8f96aa45f0dc7b30f4b15739e0679b7a.exe
Download: download sample
Signature TaurusStealer
Create hunting rule
File size:443'392 bytes
First seen:2020-11-25 17:58:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5052f24e395a1260d72371ff8602c220 (1 x TaurusStealer)
ssdeep 6144:P55z9edCTP5crcJ/Q/jNeLX7uPtEF3L6uaiYNnJuvO2oF:P55z9edg5crY/Q/jNw7uPi9kiYNnJiO
Threatray 21 similar samples on MalwareBazaar
TLSH 22949DBFA712E455E0BC2BB053C74B55292F589833220017D6B22F6DBD673E4BE4AB44
Reporter abuse_ch
Tags:exe TaurusStealer


Avatar
abuse_ch
TaurusStealer C2:
http://185.205.210.172/cfg/

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/105675/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Creating a window
Reading critical registry keys
Stealing user critical data
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/547274
Signature
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/68f9243f40945d2c3f15bed2d106401737caa94a26716af3d5918b3c0f760e8b/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2020-11-25 18:00:06 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nd4sip2asrosypyvx3jncbsac434vkkkezywv46vsgftyd3wb2fq._file
Verdict:
unknown
Similar samples:
100f3322fa66d60cb9a64e2cbcceb0a9558e65e600526fcbc25852d62940c7ea
TaurusStealer
28af95bea8456409bdb09856b0f46304eff9801c3c841b1362ca7a794d7628a5
TaurusStealer
2f40f4d8e5fd1aeb0510e07f954f0f22f6d0e6644bae21bfcd5b913696c158cb
TaurusStealer
9e5f370201251e8dc138678f8e0d4f0bdd75e1353edcc77d41c8401621c2c671
TaurusStealer
a83fcb8454befab866f2ab18871017730bcfc3f690106844f740ebbd8cadd6d8
TaurusStealer
dc5f40f99496a7140ea7722698f2de741fb00845c7791d78ec0ba90fc4a04490
TaurusStealer
ebbf1f05b4ebc687893c9989688b139424d0fe6242ab490c7282b7bd6299c187
TaurusStealer
f1dc32d9d1065e929bea07b26b09210056271a74dcf0e6b4e2d9705590b3753e
TaurusStealer
f69bdd82ca22268d090832707e37b1cae408ba96476843b55feedac11acc6277
TaurusStealer
fd865a95aba368c5bef303415ae32e89141cc10b2455e5e9cba721a79bb3b78b
TaurusStealer
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/201125-1pvlamjmqs/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Accesses 2FA software files, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
68f9243f40945d2c3f15bed2d106401737caa94a26716af3d5918b3c0f760e8b
MD5 hash:
8f96aa45f0dc7b30f4b15739e0679b7a
SHA1 hash:
5a405823e2516a40e62e83dd4010a012590a6403
Link:
https://www.unpac.me/results/d8f3dc71-4adf-4429-9353-6e6740ba04ca/
SH256 hash:
9c26bf30c632cbc348eaa159789b30855d22f86eb4e9f01ca8305a77f96c1fbe
MD5 hash:
6d88cf8df72a785b943c2209e070b5f6
SHA1 hash:
7f15768c120004f6808120c3ce7f35750fb2df71
Link:
https://www.unpac.me/results/d8f3dc71-4adf-4429-9353-6e6740ba04ca/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Glupteba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/68f9243f40945d2c3f15bed2d106401737caa94a26716af3d5918b3c0f760e8b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

TaurusStealer

Executable exe 68f9243f40945d2c3f15bed2d106401737caa94a26716af3d5918b3c0f760e8b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/853278/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/105675/

Comments