MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 828286a465b64587f2cfdb7b10319fca29c9a6b8c6903edc26044edca78e69ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

TaurusStealer

Vendor detections: 7


SHA256 hash: 828286a465b64587f2cfdb7b10319fca29c9a6b8c6903edc26044edca78e69ed
SHA3-384 hash: cae1bf1270a6ed2709d916252b81b6934295b9c7c30c6710879f28185deaef4a7609f0fce6f51b35a628bcfc6def5b4e
SHA1 hash: 76b7226474b83973c8104ead1743ee9240e42e3d
MD5 hash: 046d664c5ed7f8bab938bc3709e328c3
humanhash: diet-utah-florida-butter
File name: 046d664c5ed7f8bab938bc3709e328c3.exe
Signature: TaurusStealer
File size: 354'816 bytes
First seen: 2021-04-21 13:35:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 43da838511e53b40a603607c16d0c666 (1 x TaurusStealer)
ssdeep: 6144:sc2qJOs8I5oVe8li5ByM75zsXw4SPTqcyJNQXlTWRI:sXq8s84oVevfs1SPTA
Threatray: 61 similar samples on MalwareBazaar
TLSH: D074C01132D0C033D457217686A5CBF62EBAB831176A6A8F7FC90ABD5F747E1672130A
Reporter: abuse_ch
Tags: exe TaurusStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 109
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
DNS request
Containing strings that indicate a threat
Creating a window
Reading critical registry keys
Creating a file
Deleting a recently created file
Replacing files
Sending a UDP request
Launching cmd.exe command interpreter
Launching a process
Stealing user critical data
Sending an HTTP POST request to an infection source

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2021-04-21 05:58:51 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: discovery spyware stealer
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Accesses 2FA software files, possible credential harvesting
Checks installed software on the system
Deletes itself
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (Distributed via web download)
Signature: TaurusStealer
File type: Executable exe
SHA256 hash: 828286a465b64587f2cfdb7b10319fca29c9a6b8c6903edc26044edca78e69ed (this sample)

Comments



accidentalrebel commented on 2021-04-21 14:18:35 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0012.001] Anti-Static Analysis::Argument Obfuscation
1) [C0003.002] Communication Micro-objective::Connect Pipe::Interprocess Communication
2) [C0003.001] Communication Micro-objective::Create Pipe::Interprocess Communication
3) [C0003.003] Communication Micro-objective::Read Pipe::Interprocess Communication
4) [C0003.004] Communication Micro-objective::Write Pipe::Interprocess Communication
5) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
6) [C0021.004] Cryptography Micro-objective::RC4 PRGA::Generate Pseudo-random Sequence
7) [C0049] File System Micro-objective::Get File Attributes
8) [C0051] File System Micro-objective::Read File
9) [C0052] File System Micro-objective::Writes File
10) [C0007] Memory Micro-objective::Allocate Memory
11) [C0033] Operating System Micro-objective::Console
12) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
13) [C0040] Process Micro-objective::Allocate Thread Local Storage
14) [C0043] Process Micro-objective::Check Mutex
15) [C0042] Process Micro-objective::Create Mutex
16) [C0041] Process Micro-objective::Set Thread Local Storage Value
17) [C0018] Process Micro-objective::Terminate Process