jester | 30da1c19c3a87b7c78c8c4059f5483784d42310858637756c3cbb624713bad48 | Triage

Analysis

max time kernel
4294180s
max time network
148s
platform
windows7_x64
resource
win7-20220223-en
submitted
09-03-2022 07:47

Sharing

Report Analysis Logs

General

Target

30da1c19c3a87b7c78c8c4059f5483784d42310858637756c3cbb624713bad48.exe
Size

241KB
MD5

ec50d14f4580a0bff42fc5d24d1ab8ec
SHA1

114e65e3019411d17d2a8fb61a05e34bdaa3bc73
SHA256

30da1c19c3a87b7c78c8c4059f5483784d42310858637756c3cbb624713bad48
SHA512

5380231fb5cf762b527837c0379c753fc3b3a73750f516c34a85c9ad0457123ddcbe8749d64b6e698aa07aa0306ed45619b26173f43d8473a0895c4805b39944

Score

10^/10

jester fikuscode stealer

Malware Config

Extracted

Family

jester

Botnet

FikusCode

C2

http://jesterdcuxzbey4xvlwwheoecpltru5be2mzuk4w7a7nrhckdjjhrbyd.onion/report/FikusCode

https://api.anonfiles.com/upload?token=d26d620842507144

Mutex

46378331-3729-449c-9a03-94f385d10a9c

Attributes

license_key
D1F0DE359CBD562CCF9326AEEEA8E64E

Signatures

Jester
Jester is an information stealer malware written in C#.
stealer jester
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

30da1c19c3a87b7c78c8c4059f5483784d42310858637756c3cbb624713bad48.exe

description pid process

Token: SeDebugPrivilege 1592 30da1c19c3a87b7c78c8c4059f5483784d42310858637756c3cbb624713bad48.exe

C:\Users\Admin\AppData\Local\Temp\30da1c19c3a87b7c78c8c4059f5483784d42310858637756c3cbb624713bad48.exe
"C:\Users\Admin\AppData\Local\Temp\30da1c19c3a87b7c78c8c4059f5483784d42310858637756c3cbb624713bad48.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1592-54-0x0000000000A10000-0x0000000000A52000-memory.dmp

Filesize
264KB

Download
memory/1592-55-0x000007FEF5EC0000-0x000007FEF68AC000-memory.dmp

Filesize
9.9MB

Download