jupyter | 9f0ab558d73abbd9883c32a3eb93240a38b63aa97f5021a63da8602c39fe72ab | Triage

Submit
Reports

Overview

overview

Static

static

Metlife-Di...er.msi

windows7_x64

8

Metlife-Di...er.msi

windows10_x64

Sharing

General

Target

Metlife-Disability-Waiver-Of-Premium-Benefit-Rider.7z
Size

1.7MB
Sample

210916-kkanxacfb4
MD5

2b893f987471a486bf54a97596aff147
SHA1

bcfe486a2d94dc85f7ab9ae3fece694b1533d1d1
SHA256

9f0ab558d73abbd9883c32a3eb93240a38b63aa97f5021a63da8602c39fe72ab
SHA512

6cdfd79cbd6fbb4686b5f6a8e5fa72d6a7230ea214e4ff884fd0652927108d2a01518e182e93ef2d1638068aed451710324cbb549b07e641fff0e7a5277c0bc9

Score

10^/10

jupyter backdoor discovery stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Metlife-Disability-Waiver-Of-Premium-Benefit-Rider.msi

Resource

win7-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Metlife-Disability-Waiver-Of-Premium-Benefit-Rider.msi

Resource

win10v20210408

jupyter backdoor discovery stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

jupyter

Version

SP-11

C2

http://37.120.237.251

Targets

- Target
  
  Metlife-Disability-Waiver-Of-Premium-Benefit-Rider.msi
- Size
  
  104.4MB
- MD5
  
  3ef1e803695ceed8baa27d270b3dc649
- SHA1
  
  a0dff2e81809ab07a296d0114174eebff40cfada
- SHA256
  
  bc7986f0c9f431b839a13a9a0dfa2711f86e9e9afbed9b9b456066602881ba71
- SHA512
  
  4de1b4f6c720b8dd5d0bf4b4a0d4dc6985de45d056c2c1636ecf4757ac18bb76f696fbfd23e2e7d03eb2027fa945de246db3be2a72bcb6ef9a67c9fd19dcc396
Score

10^/10

discovery jupyter backdoor stealer trojan
- Jupyter Backdoor/Client Payload
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

jupyterbackdoordiscoverystealertrojan

© 2018-2024

Terms | Privacy