General
-
Target
2f60704e2dac47d532955485a04c195dffa41f9e638527ac42c82a224b2202ea
-
Size
1.7MB
-
Sample
211216-w6ltvadddq
-
MD5
bb9e3c71b3ee3279632905f905ac21c4
-
SHA1
a2b1d81ec6a21b52f555f5ec7e9cf9a73f937971
-
SHA256
2f60704e2dac47d532955485a04c195dffa41f9e638527ac42c82a224b2202ea
-
SHA512
f63faf0d317fa32fa9e091dfb0327752433c94c2d8171ef1d4b988288012de2062c89c37c87513873010e7ea78e71d54981ca17cec333222eb9ad9bbb9600916
Malware Config
Extracted
jester
ads555man
http://jesterdcuxzbey4xvlwwheoecpltru5be2mzuk4w7a7nrhckdjjhrbyd.onion/report/ads555man
https://api.anonfiles.com/upload?token=d26d620842507144
efbb42d7-d0db-4f16-a194-3d9d9d1fc654
-
license_key
65EEBAF23D4744267D131CD5BA37E706
Targets
-
-
Target
2f60704e2dac47d532955485a04c195dffa41f9e638527ac42c82a224b2202ea
-
Size
1.7MB
-
MD5
bb9e3c71b3ee3279632905f905ac21c4
-
SHA1
a2b1d81ec6a21b52f555f5ec7e9cf9a73f937971
-
SHA256
2f60704e2dac47d532955485a04c195dffa41f9e638527ac42c82a224b2202ea
-
SHA512
f63faf0d317fa32fa9e091dfb0327752433c94c2d8171ef1d4b988288012de2062c89c37c87513873010e7ea78e71d54981ca17cec333222eb9ad9bbb9600916
Score10/10-
Jester
Jester is an information stealer malware written in C#.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-