In this in-depth report, Alberto Marin, Blueliv’s Malware Sandbox Lead, takes a deep dive into a packed sample which the Blueliv labs team successfully detected and classified as Taurus Stealer, a C/C++ information-stealing malware that has been in the wild since April 2020.
We analyze how Taurus Stealer operates, looking at the outer layer – the packer – the following three layers and their purposes – and how the malware eventually executes the payload.
We assess Taurus Stealer’s primary workflow, its heavy use of code obfuscation techniques and stack strings, and the functions it executes to load the C2, Build ID and Bot ID.
We will also shine a light on the various grabbing and encryption methods used in the malware, its stealer dependencies, and much, much more.
For a comprehensive understanding of the Taurus Stealer malware and its MITRE Adversarial Tactics, Techniques, and Common Knowledge, as well as more details about how we reverse engineer and analyze malware, read the full report - and make sure to visit our targeted malware module page