jester | 4417195f416e6bd019c0982978bf1f00c0c848e5ac2e020f278629bbe21266b6 | Triage

Sharing

General

Target

4417195f416e6bd019c0982978bf1f00c0c848e5ac2e020f278629bbe21266b6.bin
Size

494KB
Sample

220309-jmwtgshghl
MD5

d01656def63636c082785db6d61fb415
SHA1

96102ea313063db1179792d65cd15af877d2f5d0
SHA256

4417195f416e6bd019c0982978bf1f00c0c848e5ac2e020f278629bbe21266b6
SHA512

1e27c2b2bacac3e6b9994c4de8bef20d9af1b783d668cfa8896bc7822c739e969dba64db0629a245398a0bb324575f1009bca6e51fbf0701fe1dea798d68edc7

Score

10^/10

jester ads555man collection spyware stealer

Malware Config

Extracted

Family

jester

Botnet

ads555man

C2

http://jesterdcuxzbey4xvlwwheoecpltru5be2mzuk4w7a7nrhckdjjhrbyd.onion/report/ads555man

https://api.anonfiles.com/upload?token=d26d620842507144

Mutex

efbb42d7-d0db-4f16-a194-3d9d9d1fc654

Attributes

license_key
65EEBAF23D4744267D131CD5BA37E706

Targets

- Target
  
  4417195f416e6bd019c0982978bf1f00c0c848e5ac2e020f278629bbe21266b6.bin
- Size
  
  494KB
- MD5
  
  d01656def63636c082785db6d61fb415
- SHA1
  
  96102ea313063db1179792d65cd15af877d2f5d0
- SHA256
  
  4417195f416e6bd019c0982978bf1f00c0c848e5ac2e020f278629bbe21266b6
- SHA512
  
  1e27c2b2bacac3e6b9994c4de8bef20d9af1b783d668cfa8896bc7822c739e969dba64db0629a245398a0bb324575f1009bca6e51fbf0701fe1dea798d68edc7
Score

10^/10

jester ads555man collection spyware stealer
- Jester
  Jester is an information stealer malware written in C#.
  stealer jester
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

ads555manjester

behavioral1

jesterads555mancollectionspywarestealer

behavioral2

jesterads555mancollectionspywarestealer