Everything you need to know about the new Taurus Stealer
In this in-depth report, Alberto Marin, Blueliv’s Malware Sandbox Lead, takes a deep dive into a packed sample which the Blueliv labs team successfully detected and classified as Taurus Stealer, a C/C++ information-stealing malware that has been in the wild since April 2020.
We analyze how Taurus Stealer operates, looking at the outer layer – the packer – the following three layers and their purposes – and how the malware eventually executes the payload.
We assess Taurus Stealer’s primary workflow, its heavy use of code obfuscation techniques and stack strings, and the functions it executes to load the C2, Build ID and Bot ID.
We will also shine a light on the various grabbing and encryption methods used in the malware, its stealer dependencies, and much, much more.
For a comprehensive understanding of the Taurus Stealer malware and its MITRE Adversarial Tactics, Techniques, and Common Knowledge, as well as more details about how we reverse engineer and analyze malware, read the full report - and make sure to visit our targeted malware module page at blueliv.com.