Overview

overview

10

Static

static

Metlife-Di...er.msi

windows7_x64

8

Metlife-Di...er.msi

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Metlife-Disability-Waiver-Of-Premium-Benefit-Rider.7z

  • Size

    1.7MB

  • Sample

    210916-kkanxacfb4

  • MD5

    2b893f987471a486bf54a97596aff147

  • SHA1

    bcfe486a2d94dc85f7ab9ae3fece694b1533d1d1

  • SHA256

    9f0ab558d73abbd9883c32a3eb93240a38b63aa97f5021a63da8602c39fe72ab

  • SHA512

    6cdfd79cbd6fbb4686b5f6a8e5fa72d6a7230ea214e4ff884fd0652927108d2a01518e182e93ef2d1638068aed451710324cbb549b07e641fff0e7a5277c0bc9

Score
10/10
jupyterbackdoordiscoverystealertrojan

Malware Config

Extracted

Family

jupyter

Version

SP-11

C2

http://37.120.237.251

Targets

    • Target

      Metlife-Disability-Waiver-Of-Premium-Benefit-Rider.msi

    • Size

      104.4MB

    • MD5

      3ef1e803695ceed8baa27d270b3dc649

    • SHA1

      a0dff2e81809ab07a296d0114174eebff40cfada

    • SHA256

      bc7986f0c9f431b839a13a9a0dfa2711f86e9e9afbed9b9b456066602881ba71

    • SHA512

      4de1b4f6c720b8dd5d0bf4b4a0d4dc6985de45d056c2c1636ecf4757ac18bb76f696fbfd23e2e7d03eb2027fa945de246db3be2a72bcb6ef9a67c9fd19dcc396

    Score
    10/10
    discoveryjupyterbackdoorstealertrojan

    • Jupyter Backdoor/Client Payload

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid 2020.

      backdoortrojanstealerjupyter

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks