General

  • Target

    Due-Diligence-Checklist-For-Oil-And-Gas-Properties.7z

  • Size

    6.4MB

  • Sample

    210916-keqg6scfa6

  • MD5

    91a459c227f20791aff59f13a66b3723

  • SHA1

    d5806d811789b753b9edcbb97412a333568bd001

  • SHA256

    c16b701105afe180c77befa58f8140f9583a1b0538d13b43e52eb2b996885124

  • SHA512

    41f8b82b6952bde961f1bbac1ccdbe88616c2ce0d4bae24e767ad3102fef13d2b7e7761d27225acc1563e8860c67d8a0a80cf895ae9f9d4c552c618db7022f69

Malware Config

Extracted

  • Family

    jupyter

  • Version

    SP-13

  • C2

    http://45.42.201.248

Targets

    • Target

      Due-Diligence-Checklist-For-Oil-And-Gas-Properties.msi

    • Size

      123.1MB

    • MD5

      c4772d76029004a5512ea6e2ff3be39b

    • SHA1

      6bda1d3e855a87e5295c933994c2bf58399999e9

    • SHA256

      1197067d50dd5dd5af12e715e2cc00c0ba1ff738173928bbcfbbad1ee0a52f21

    • SHA512

      12d2c556e47d6981b17b4db641391288d7a58c6de770500294eca1ae6dbb3a4734443f634c6acf8130400c45b351e7c6c0c6a08f9f98ab3533518735496503fc

    • Jupyter Backdoor/Client Payload

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry

    T1012 (3)

  • Peripheral Device Discovery

    T1120 (1)

  • System Information Discovery

    T1082 (3)

Tasks