Resubmissions

12-06-2022 22:27  220612-2c3s6adgd5  10

10-06-2022 17:29  220610-v2jm9adfel  8

General

  • Target: State-Farm-Auto-Insurance-Policy-Booklet.exe.zip
  • Size: 3.6MB
  • Sample: 220612-2c3s6adgd5
  • MD5: e86c447eb6744b9afc9d5529d65a652a
  • SHA1: 27354508abf15ce197fce369c5ab4b6942eeb44b
  • SHA256: 02257b487a0c8a927a63e82adef0d9fafef53bac3bafbb98f417a5cbc3a9d6c0
  • SHA512: 5f7ea20a54ab90e20138a92bcd724408c73c2b022b331ac978715703d4d480c321d19e1e7e71f1b6fc7a9938b48a249f72181fb723ffd6a023af3e8da057bb40

Malware Config

Extracted

  • Family: jupyter
  • C2: http://146.70.71.174

Targets

    • Target: State-Farm-Auto-Insurance-Policy-Booklet.exe
    • Size: 266.0MB
    • MD5: 3a015f8d7013c0fef3322e08cd41b565
    • SHA1: b4d03c21ff99aceb0023ec581e953b17ad541580
    • SHA256: 29014a3438c174c2e7377168adf62080e7566e1664c1b639e454a9ad961b5fde
    • SHA512: f97e2b80eb0b00351c406df2a455d3dfe214925aada81455c5d40924a613ef883119a365978b50882a35fb27635c5937af0da7a8a5f91074eefa6eaba10518bf

    • Jupyter, SolarMarker
      Jupyter is a backdoor and infostealer first seen in mid-2020.
    • Executes dropped EXE
    • Drops startup file

MITRE ATT&CK Enterprise v6

Tasks