General

  • Target

    c9399782497f76cf663bfcaf7cc57eb8f9bb40a12baf104026a882d689e2a587.zip

  • Size

    3.7MB

  • Sample

    220614-xzx4zadce2

  • MD5

    719a430f4887d8f7e26ac1b2cfa38294

  • SHA1

    f761ab7229c4562ce639a572060d649f8608974a

  • SHA256

    663c452eda97e2568fc244f9062363b1ee8df49bf8edc3f5035c5ed4ae9371a4

  • SHA512

    bcdac921353471a9f7c978b32bd15d94c7e900510b7ca9a537f190409cf78f6808b2152bdde647f6dbdb050e5b6cc7ca39c6b9e776e51aae0c5878561d531f56

Malware Config (extracted)

  • Family

    jupyter

  • C2

    http://14,6.70.71.174

Targets

    • Target

      Holland-America-Donation-Request-Form.exe

    • Size

      274.0MB

    • MD5

      761b643ce4867014456b331b1a251dc3

    • SHA1

      52685157be543065f34a7ec9eb8519c9b1855a59

    • SHA256

      6d1a637ee2263dc7918b886a8a1878fb73a000510bc6f42e0c59669487c46e82

    • SHA512

      f30eb357e0dd4eaec8de8bc08ad1a1044340b3fe55856aad68499251eab4bc5d41f422984f213fa173aeb44b3c9b8cbdc8b93780fa337365ac89150fb7fa3451

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

MITRE ATT&CK Enterprise v6

Tasks