jupyter | 39787d4b45d431380f24bb2c2e505ce1cd369ddc84629f295df892910d0d4e2e | Triage

Resubmissions

27-06-2022 16:40

220627-t6sw2scder 10

01-06-2022 19:48

220601-yjgmqabdg4 10

Sharing

General

Target

Gifted-And-Talented-Appeal-Letter-Sample (1).exe
Size

265.0MB
Sample

220627-t6sw2scder
MD5

9113ce41a5c257d8fc3cd740bcb63c08
SHA1

b5a27bd5ef4349580f381e8dec5bd78ecfc9c542
SHA256

39787d4b45d431380f24bb2c2e505ce1cd369ddc84629f295df892910d0d4e2e
SHA512

8a44926c6a67b38481339d44d7665e771bfae2b58d71908a3d3c1783e0b814b1650bce9a06bb62bd334c8fa0a6eaec4d929e4625955749bee383d6651d87359b

Score

10^/10

jupyter backdoor stealer trojan

Malware Config

Extracted

Family

jupyter

C2

http://146.70.71.174

Targets

- Target
  
  Gifted-And-Talented-Appeal-Letter-Sample (1).exe
- Size
  
  265.0MB
- MD5
  
  9113ce41a5c257d8fc3cd740bcb63c08
- SHA1
  
  b5a27bd5ef4349580f381e8dec5bd78ecfc9c542
- SHA256
  
  39787d4b45d431380f24bb2c2e505ce1cd369ddc84629f295df892910d0d4e2e
- SHA512
  
  8a44926c6a67b38481339d44d7665e771bfae2b58d71908a3d3c1783e0b814b1650bce9a06bb62bd334c8fa0a6eaec4d929e4625955749bee383d6651d87359b
Score

10^/10

jupyter backdoor stealer trojan
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jupyterbackdoorstealertrojan

behavioral2