Resubmissions

13-06-2022 00:02

220613-abkseagff5 10

27-05-2022 17:16

220527-vtdr2aeae7 10

General

  • Target

    05a2b5a48fb1622a603ed5b1ad81630a166ff6ee8455f2030d947c73ea6fc925

  • Size

    3.9MB

  • Sample

    220527-vtdr2aeae7

  • MD5

    96140d0b0d6cddaa8d5ffd36e40c46f3

  • SHA1

    da7e6c9fe92d37856f1d6a269b5034f75d5cf825

  • SHA256

    05a2b5a48fb1622a603ed5b1ad81630a166ff6ee8455f2030d947c73ea6fc925

  • SHA512

    f0271e84d289ef2d347727990a48254e1584c99a0eb0ce3561c4453ab1a942570e74cd603bdf516c94169e73f3f10d69b7d823e59365a05bdea74e600c902568

Malware Config

Targets

    • Target

      jupyter.exe

    • Size

      114.1MB

    • MD5

      e56ad54905b09c1345207b7fdddf21c6

    • SHA1

      6ad28e1810eb1be26e835e5224e78e13576887b9

    • SHA256

      ee904ce81c66b774897f93b0301e297a9137295516d57ba1c4e078a383cbce39

    • SHA512

      014f3b551431be47b6cdacae0898d599a38d0371becc4cdfd2cfce66f622a6b7f2ab3af88a8db92b385b9f2f3e79649215b7ef345bc7b271dcd26c00ba3f7efd

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks