Jason Email Hacking Tool Leaked Online

The source code for a new hacking tool named Jason, allegedly used by the OilRig advanced persistent threat group (also known as APT34), has been leaked online.

Jason is used to perform brute force attacks against Microsoft Exchange email servers using pre-compiled lists of usernames and passwords and is controlled by a simple user interface.

The tool is used by threat actors to carry out brute-force attacks using a dictionary of password samples and four text files containing numerical patterns.

Since the source code has become publicly available, it is possible attackers may incorporate Jason into their campaigns or malware.
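For defenders, the password-list guessing described above shows up as a burst of failed logons from one source. The following is an added detection sketch, not code from the leaked tool or from the original article; the event layout, addresses, mailbox names and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed events, one per line: 'timestamp source_ip mailbox result'.
    This layout is an assumption, not a native Exchange or IIS log format."""
    t0 = datetime(2019, 6, 3, 9, 0, 0)
    rows = []
    # One source cycling a password list over two mailboxes: 8 failures in 70 s.
    for i in range(8):
        rows.append((t0 + timedelta(seconds=10 * i), "203.0.113.7",
                     "alice" if i % 2 else "bob", "FAIL"))
    # A user mistyping twice, then logging on.
    for i, result in enumerate(["FAIL", "FAIL", "OK"]):
        rows.append((t0 + timedelta(seconds=15 * i), "198.51.100.20", "carol", result))
    # Six failures spread over an hour: never more than one per 5-minute window.
    for i in range(6):
        rows.append((t0 + timedelta(minutes=12 * i), "192.0.2.44", "dave", "FAIL"))
    rows.sort()
    return [f"{ts.isoformat()} {ip} {user} {res}" for ts, ip, user, res in rows]

def detect(lines, window=timedelta(minutes=5), max_failures=5):
    """Return {source_ip: (peak_failures, peak_mailboxes)} for each source with
    more than max_failures failed logons inside one sliding window."""
    recent = defaultdict(deque)          # source_ip -> (timestamp, mailbox) in window
    alerts = {}
    for line in lines:
        ts_text, ip, user, result = line.split()
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(ts_text)
        queue = recent[ip]
        queue.append((ts, user.lower()))
        while ts - queue[0][0] > window:  # drop failures older than the window
            queue.popleft()
        if len(queue) > max_failures:
            mailboxes = len({u for _, u in queue})
            peak = alerts.get(ip, (0, 0))
            alerts[ip] = (max(peak[0], len(queue)), max(peak[1], mailboxes))
    return alerts

if __name__ == "__main__":
    for ip, (failures, mailboxes) in detect(build_sample()).items():
        print(f"{ip}: {failures} failed logons against {mailboxes} mailboxes in window")
```

With the default five-minute window only the burst source is reported; running a second pass with a longer window also surfaces the source whose failures are spread over an hour.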

VirusTotal details here

File type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

File size 46.5 KB (47616 bytes)

Affected Platforms

  • Microsoft Exchange Server – All versions

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security and a wide range of other skills in radio, electronics and telecommunications.
