Resubmissions

23-01-2024 11:25

240123-njkn9saeb5 10

26-06-2020 08:43

200626-2199vtd32x 10

General

  • Target

    JEsNEuI.dll

  • Size

    356KB

  • Sample

    200626-2199vtd32x

  • MD5

    9eea7a0571baf33fa6877e8f8ebb3ad7

  • SHA1

    9a7738f3f73d78d9fe18ba5401081d27f4222c8d

  • SHA256

    121d7fc3a0a43a6ef4b73f564175b92727281155b221ff6f34c00d73438b679e

  • SHA512

    90b6440f8c0fd2946eb5e47882aaf6b608fc900e9684daf4da74579d8863e83d26be7d27e2e074a98fdf631f2e9d44bc3e79a619ef88db009ade73516afa3e94

Malware Config

Targets

    • Target

      JEsNEuI.dll

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blacklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Modifies service

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks