jester | 2f60704e2dac47d532955485a04c195dffa41f9e638527ac42c82a224b2202ea | Triage

Sharing

General

Target

2f60704e2dac47d532955485a04c195dffa41f9e638527ac42c82a224b2202ea
Size

1.7MB
Sample

211216-w6ltvadddq
MD5

bb9e3c71b3ee3279632905f905ac21c4
SHA1

a2b1d81ec6a21b52f555f5ec7e9cf9a73f937971
SHA256

2f60704e2dac47d532955485a04c195dffa41f9e638527ac42c82a224b2202ea
SHA512

f63faf0d317fa32fa9e091dfb0327752433c94c2d8171ef1d4b988288012de2062c89c37c87513873010e7ea78e71d54981ca17cec333222eb9ad9bbb9600916

Score

10^/10

jester ads555man collection stealer

Malware Config

Extracted

Family

jester

Botnet

ads555man

C2

http://jesterdcuxzbey4xvlwwheoecpltru5be2mzuk4w7a7nrhckdjjhrbyd.onion/report/ads555man

https://api.anonfiles.com/upload?token=d26d620842507144

Mutex

efbb42d7-d0db-4f16-a194-3d9d9d1fc654

Attributes

license_key
65EEBAF23D4744267D131CD5BA37E706

Targets

- Target
  
  2f60704e2dac47d532955485a04c195dffa41f9e638527ac42c82a224b2202ea
- Size
  
  1.7MB
- MD5
  
  bb9e3c71b3ee3279632905f905ac21c4
- SHA1
  
  a2b1d81ec6a21b52f555f5ec7e9cf9a73f937971
- SHA256
  
  2f60704e2dac47d532955485a04c195dffa41f9e638527ac42c82a224b2202ea
- SHA512
  
  f63faf0d317fa32fa9e091dfb0327752433c94c2d8171ef1d4b988288012de2062c89c37c87513873010e7ea78e71d54981ca17cec333222eb9ad9bbb9600916
Score

10^/10

jester ads555man collection stealer
- Jester
  Jester is an information stealer malware written in C#.
  stealer jester
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

jesterads555mancollectionstealer

behavioral2

jesterads555mancollectionstealer