jester | a3b39307457b22600a4d4da61576587847923b2033cbad24172f1e8fdfa0bde6 | Triage

Analysis

max time kernel
4294180s
max time network
133s
platform
windows7_x64
resource
win7-20220223-en
submitted
09-03-2022 07:48

Sharing

Report Analysis Logs

General

Target

a3b39307457b22600a4d4da61576587847923b2033cbad24172f1e8fdfa0bde6.exe
Size

241KB
MD5

4b061c76cd809e3beabec5e84aed75b1
SHA1

29d399d8b3dbc6242db824c85c4862801835a7aa
SHA256

a3b39307457b22600a4d4da61576587847923b2033cbad24172f1e8fdfa0bde6
SHA512

3145b461b20730a8a750cb5990707abb6c48216578b13f12372899c70f521f80bb669915560b376139e3d78f52a0808c9a33237eb202d33d4985b543829ae3ed

Score

10^/10

jester fikuscode stealer

Malware Config

Extracted

Family

jester

Botnet

FikusCode

C2

http://jesterdcuxzbey4xvlwwheoecpltru5be2mzuk4w7a7nrhckdjjhrbyd.onion/report/FikusCode

https://api.anonfiles.com/upload?token=d26d620842507144

Mutex

46378331-3729-449c-9a03-94f385d10a9c

Attributes

license_key
D1F0DE359CBD562CCF9326AEEEA8E64E

Signatures

Jester
Jester is an information stealer malware written in C#.
stealer jester
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

a3b39307457b22600a4d4da61576587847923b2033cbad24172f1e8fdfa0bde6.exe

description pid process

Token: SeDebugPrivilege 1784 a3b39307457b22600a4d4da61576587847923b2033cbad24172f1e8fdfa0bde6.exe

C:\Users\Admin\AppData\Local\Temp\a3b39307457b22600a4d4da61576587847923b2033cbad24172f1e8fdfa0bde6.exe
"C:\Users\Admin\AppData\Local\Temp\a3b39307457b22600a4d4da61576587847923b2033cbad24172f1e8fdfa0bde6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-54-0x00000000011D0000-0x0000000001212000-memory.dmp

Filesize
264KB

Download
memory/1784-55-0x000007FEF5230000-0x000007FEF5C1C000-memory.dmp

Filesize
9.9MB

Download