jaskago_macos | 240726-dy3taar29x_pw_infected[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

240726-dy3taar29x_pw_infected.zip
Size

3.6MB
MD5

36e4a94ffac9375ec9ce0d3740114494
SHA1

0e808ed6af58839ae158d7baee07d5572a65cddf
SHA256

2672a5e458a95c05e6dc8ffc1d7094cb301a95e431a419ce7e7816b01a1d61af
SHA512

218d2f5da69a5a25b3bb077581bcb208b27d7ba5449b65cb00de9ffa18cf0e47c121cb85480c808fc2d67eb930524fd32c680ab03f0a4b2746212979269e661f
SSDEEP

98304:TTY/52vNK8EdRkY9nO0CYYY3WiP1ERnV/7:TT9FIDk6dd3WiP+RnVD

Score

10^/10

jaskago_macos jaskago

Malware Config

Extracted

Family

jaskago

C2

172.245.55.41:7248

Attributes

build_id
clye606a8008i107m68tmfye3
encryption_key
2l6fmLgT4QM2+fv7dzBsT5cOXUruSqipIo/Dlo6JmW8=

Signatures

Detects Jaskago macOS version 1 IoCs

resource	yara_rule
static1/unpack001/f6629ac35b8b064785f782e39dd0aa12da574a3d84c966f94dc015a5465d4053	family_jaskago

Jaskago family
jaskago
Jaskago_macos family
jaskago_macos

Files

240726-dy3taar29x_pw_infected.zip
.zip

Password: infected
f6629ac35b8b064785f782e39dd0aa12da574a3d84c966f94dc015a5465d4053
.macho macos arch:x64