Overview

overview

10

Static

static

10

371c05e0bb...32.exe

windows7_x64

10

371c05e0bb...32.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    107s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    09/03/2022, 07:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    371c05e0bbb3df83d8ff937a83b90058e6aa6774b22d3a3d18eb8fc2a6770532.exe

  • Size

    241KB

  • MD5

    56219e2fa91f85843c4562a2b34c4c47

  • SHA1

    c58c86dc37093579b0d2750822ae85ece145eefe

  • SHA256

    371c05e0bbb3df83d8ff937a83b90058e6aa6774b22d3a3d18eb8fc2a6770532

  • SHA512

    278ae0c8bb93e7afecb6ed36038ba6c6a82b846de01ab137ae9d68b3713b8ecc2af02cad8e1e1980933ee8b80f5768453ced872361c9b86499f0e9e51cd9e43d

Score
10/10
jesterfikuscodestealer

Malware Config

Extracted

Family

jester

Botnet

FikusCode

C2

http://jesterdcuxzbey4xvlwwheoecpltru5be2mzuk4w7a7nrhckdjjhrbyd.onion/report/FikusCode

https://api.anonfiles.com/upload?token=d26d620842507144
Mutex

46378331-3729-449c-9a03-94f385d10a9c

Attributes
  • license_key

    D1F0DE359CBD562CCF9326AEEEA8E64E

Signatures

  • Jester

    Jester is an information stealer malware written in C#.

    stealerjester
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\371c05e0bbb3df83d8ff937a83b90058e6aa6774b22d3a3d18eb8fc2a6770532.exe
    "C:\Users\Admin\AppData\Local\Temp\371c05e0bbb3df83d8ff937a83b90058e6aa6774b22d3a3d18eb8fc2a6770532.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2496-130-0x0000017974250000-0x0000017974292000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2496-132-0x0000017977460000-0x0000017977462000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2496-131-0x00007FFF7A220000-0x00007FFF7ACE1000-memory.dmp

    Filesize

    10.8MB

    Download