General
- Target: JEsNEuI.dll
- Size: 356KB
- Sample: 200626-2199vtd32x
- MD5: 9eea7a0571baf33fa6877e8f8ebb3ad7
- SHA1: 9a7738f3f73d78d9fe18ba5401081d27f4222c8d
- SHA256: 121d7fc3a0a43a6ef4b73f564175b92727281155b221ff6f34c00d73438b679e
- SHA512: 90b6440f8c0fd2946eb5e47882aaf6b608fc900e9684daf4da74579d8863e83d26be7d27e2e074a98fdf631f2e9d44bc3e79a619ef88db009ade73516afa3e94
Static task: static1
Behavioral task: behavioral1
- Sample: JEsNEuI.dll
- Resource: win7
Malware Config
Targets
Score: 10/10
- Blacklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Modifies service
- Suspicious use of SetThreadContext