8df178881e8b75967bc0d637dec79f0c8ef74aa69d34469edb6c5f54bc02d2f7 | Triage

Sharing

General

Target

Toolbar.exe
Size

206KB
Sample

240612-jlk1lavdkg
MD5

216044ee366b18762dbd88b44f17eb40
SHA1

80b9e88e738bdb7fcaf5c7ad2fcc158182e3e789
SHA256

8df178881e8b75967bc0d637dec79f0c8ef74aa69d34469edb6c5f54bc02d2f7
SHA512

4e63a1aa05651d17801c94bbf894689f493628cb5b3e67519831a3692ae07f81fc5ebc4d624ffd44d6f8a04ad553d359c22c9be6668da1d4fff009adb5de49d2
SSDEEP

3072:fes+5ywGAwXH+cn0/tftYgr6qXVd/G4b0cW5ic5dw5RjBZQ6o40n8WMsxzW:fes+5ytB3RyeUV93bO5iP5NQJ+spW

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  Device/HarddiskVolume3/Users/tomphilip/AppData/Local/Temp/NER86D7.tmp/Toolbar.exe
- Size
  
  472KB
- MD5
  
  0f53d59df42827e7af4fc207e600a999
- SHA1
  
  bee96291323d129cf104d0fa8ecbe8aab5e4bca5
- SHA256
  
  784ad117dc1cd965a561ee729f086049fe47694aa3545ea6408d2ff31917827f
- SHA512
  
  1cc407b30c60b7ba865daa2036573c8c205b3710de86a8921c0c47b8e9889bd0d97512ab31160fdeb68220ff8a742fccb3230b74ca65f97c5b019acac8708cfe
- SSDEEP
  
  12288:vTOAkRj7IqoRHaxYmzzxrFdLh/20lRSgi:v6AkRjyaxYmdxdLxt
Score

7^/10

adware discovery stealer
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer