General
Target: 28b41fbae3fec855c2f4779dde8d4e990d3e5ceede80a89bcf420a59459d84b8.msi
Size: 109.5MB
Sample: 211022-jh1a4scbdn
MD5: 0c873c9f4a961705dca7e6d72e940a2b
SHA1: 30c4a44da9233a30491a1ae3dd30c9fcfe0656ca
SHA256: 28b41fbae3fec855c2f4779dde8d4e990d3e5ceede80a89bcf420a59459d84b8
SHA512: 2f1b5a448ea169d987f86cc48b91a2ff06ad102d93e00611638e95b193d90062576e54d782c2189a3daf80a71ef0b1af1bd06496c6b7eb499e58309eabbc4884
Static task: static1
Malware Config
Extracted
jupyter
SP-17
http://188.241.83.61
Targets
Target: 28b41fbae3fec855c2f4779dde8d4e990d3e5ceede80a89bcf420a59459d84b8.msi
- Jupyter Backdoor/Client Payload
- Registers COM server for autorun
- Blocklisted process makes network request
- Executes dropped EXE
- Registers new Print Monitor
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory