Resubmissions

16-09-2023 18:02

230916-wmkgnsce5z 10

General

  • Target

    OSU-FourYear-Academic-Calendar-202122-through-202425.exe.zip

  • Size

    3.1MB

  • Sample

    230916-wmkgnsce5z

  • MD5

    0b019a3dd120586b87cefa78a47f8f14

  • SHA1

    4774cedab4a3b7e0da779d69f592f09307d6898c

  • SHA256

    8f1f4a3061f146249be95a90b0a8f28e856d6d92e226b871fc869afd56f0b92f

  • SHA512

    8efbdfc9ebf1d63390b081cd5b4de75a7de4a3d823ec9e1ea1960b07f6071a0154ea8af5132367df6a773eccad5c4e736fb455a7f7d1719da9bfe8e60261a462

  • SSDEEP

    24576:kLp2rYn3u4AWztvIX8mFAqyxgvMBpvpNe9eesXrsZc:kLp2rYnTztwhFAuMBpTy2sK

Malware Config

Extracted

Family

jupyter

C2

http://91.206.178.109

Targets

    • Target

      OSU-FourYear-Academic-Calendar-202122-through-202425.exe

    • Size

      300.1MB

    • MD5

      634a1f57cd61801b198418ba1ecc797c

    • SHA1

      be4418022ce3af4f1ad1de7a43095e95b2e7bd12

    • SHA256

      13a1bead1187cbc6072c410501a417b812e82f1bbbf6a93deaab26ae5ea67628

    • SHA512

      1e57c4809d1524bb9931707e41eaf2dde1fb368f662d71ef24c53b60812fce3242d41fe8aedc2a801dbcccc6a79e6709232e10cd0a9dbec8ce1f27afd388481d

    • SSDEEP

      49152:mseenCOSg4aYzA9aPplVEQ1pgrtRx4444444444444444444444444444444444X:m4

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check before the payload runs.

    • Drops startup file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Suspicious use of SetThreadContext
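The "UPX packed file" hit above is a static signature on the PE section table. The following is an added example, not the sandbox's own rule and not code from the report: it parses the section headers of a PE image with nothing but `struct`, flags the section names stock UPX writes, and separately flags the layout UPX leaves behind (a first section with a virtual size but no raw data), which survives a build that renames its sections. The two PE images it runs on are constructed in code; the reported binary is not read.

```python
"""Static UPX-packing check on a PE section table.

Added example for the "UPX packed file" signature; not the sandbox's own rule.
PACKED_IMAGE and PLAIN_IMAGE are constructed header-only PE images, not the
sample from the report.
"""
from __future__ import annotations

import struct

# Section names written by stock UPX builds.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def parse_sections(image: bytes) -> list[dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_hdr_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_hdr_size            # COFF file header is 20 bytes
    sections = []
    for i in range(num_sections):
        off = table + i * 40                    # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", image, off)
        (chars,) = struct.unpack_from("<I", image, off + 36)
        sections.append({
            "name": name.rstrip(b"\0"),
            "virtual_size": vsize,
            "virtual_address": vaddr,
            "raw_size": rsize,
            "raw_pointer": rptr,
            "characteristics": chars,
        })
    return sections


def upx_indicators(sections: list[dict]) -> list[str]:
    """Return human-readable reasons the section layout looks UPX-packed."""
    reasons = []
    known = sorted(s["name"].decode("ascii", "replace")
                   for s in sections if s["name"] in UPX_SECTION_NAMES)
    if known:
        reasons.append("UPX section names present: " + ", ".join(known))
    # Stock UPX leaves the first section with no file data: the stub
    # decompresses the original code into it at run time. This check does
    # not depend on section names, so it still fires on a renamed build.
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] > 0:
        reasons.append("first section has virtual size but zero raw data (unpack target)")
    return reasons


def build_pe(section_specs) -> bytes:
    """Construct a header-only PE32 image for testing (constructed input)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_hdr_size = 224                          # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_hdr_size, 0x102)
    optional = bytes(opt_hdr_size)              # zeroed; not consulted by the parser
    table = b""
    for name, vsize, rsize in section_specs:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000,
                             rsize, 0x400, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + optional + table


# Constructed images: a stock UPX layout and an ordinary linker layout.
PACKED_IMAGE = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x9000, 0x8800), (b".rsrc", 0x400, 0x200)])
PLAIN_IMAGE = build_pe([(b".text", 0x8000, 0x8000), (b".data", 0x1000, 0x600), (b".rsrc", 0x400, 0x200)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_IMAGE), ("plain", PLAIN_IMAGE)):
        print(label, upx_indicators(parse_sections(img)) or ["no UPX indicators"])
```

Run it against a real file with `upx_indicators(parse_sections(open(path, "rb").read()))`. The name check alone is what a "modified UPX" build defeats by renaming sections; the zero-raw-size heuristic is the reason to keep a second signal, and unpacking with `upx -d` should be tried before static analysis of anything that fires.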
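Two of the behavioural hits above, "Checks computer location settings" and "Suspicious use of SetThreadContext", are the kind of rule a sandbox evaluates over its API trace. The following is an added example written for this page, not the sandbox's own detection logic: it parses a constructed tab-separated trace (pid, API name, arguments), flags registry reads under the user's `Control Panel\International\Geo` key (the value Windows stores the configured country in; it is assumed here to be the key the report's signature refers to), flags any `SetThreadContext` aimed at another process, and flags the full create-suspended / write / set-context / resume chain that distinguishes process hollowing from a benign context change. Every event in `SAMPLE_TRACE` is constructed.

```python
"""Behavioural rules over a sandbox API trace.

Added example for the "Checks computer location settings" and "Suspicious use
of SetThreadContext" signatures; not the sandbox's own rules. The trace format
and all events in SAMPLE_TRACE are constructed for this example.
"""
from __future__ import annotations

import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004                       # dwCreationFlags bit
GEO_KEY_FRAGMENT = "\\control panel\\international\\geo"

# Constructed trace: pid <TAB> api <TAB> free-form arguments with key=value pairs.
SAMPLE_TRACE = "\n".join([
    "1200\tRegOpenKeyEx\tHKCU\\Control Panel\\International\\Geo",
    "1200\tRegQueryValueEx\tHKCU\\Control Panel\\International\\Geo\\Nation",
    "1200\tCreateProcess\tC:\\Windows\\explorer.exe flags=0x4 pid=1888",
    "1200\tWriteProcessMemory\tpid=1888 addr=0x400000 size=0x2c000",
    "1200\tSetThreadContext\tpid=1888 tid=1892",
    "1200\tResumeThread\tpid=1888 tid=1892",
    "2000\tSetThreadContext\tpid=2000 tid=2004",     # own process: not flagged
    "2000\tRegQueryValueEx\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion ProductName",
])


def parse_trace(text: str) -> list[dict]:
    """Split each trace line into pid, api, raw args and parsed key=value pairs."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split("\t", 2)
        kv = dict(re.findall(r"(\w+)=(\S+)", args))
        events.append({"pid": int(pid), "api": api, "args": args, "kv": kv})
    return events


def geofence_lookups(events: list[dict]) -> list[int]:
    """PIDs that read the configured country from the registry."""
    return sorted({e["pid"] for e in events
                   if e["api"].startswith("Reg") and GEO_KEY_FRAGMENT in e["args"].lower()})


def cross_process_set_thread_context(events: list[dict]) -> list[tuple[int, int]]:
    """(caller, target) pairs where a process rewrites a thread context elsewhere."""
    return sorted({(e["pid"], int(e["kv"]["pid"])) for e in events
                   if e["api"] == "SetThreadContext" and "pid" in e["kv"]
                   and int(e["kv"]["pid"]) != e["pid"]})


def hollowing_chains(events: list[dict]) -> list[tuple[int, int]]:
    """(parent, child) pairs showing suspended create, memory write, context set, resume."""
    steps: dict[tuple[int, int], set] = defaultdict(set)
    for e in events:
        kv = e["kv"]
        if e["api"] == "CreateProcess" and "pid" in kv \
                and int(kv.get("flags", "0"), 16) & CREATE_SUSPENDED:
            steps[(e["pid"], int(kv["pid"]))].add("CreateProcess")
        elif e["api"] in ("WriteProcessMemory", "SetThreadContext", "ResumeThread") and "pid" in kv:
            key = (e["pid"], int(kv["pid"]))
            if "CreateProcess" in steps[key]:   # only count steps after the suspended create
                steps[key].add(e["api"])
    required = {"CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"}
    return sorted(k for k, seen in steps.items() if required <= seen)


def analyse(text: str) -> dict:
    events = parse_trace(text)
    return {
        "geofence_lookup": geofence_lookups(events),
        "cross_process_set_thread_context": cross_process_set_thread_context(events),
        "process_hollowing": hollowing_chains(events),
    }


if __name__ == "__main__":
    for rule, hits in analyse(SAMPLE_TRACE).items():
        print(f"{rule}: {hits or 'none'}")
```

The hollowing rule deliberately requires the suspended `CreateProcess` before it counts later steps against the same parent/child pair, so a debugger or a legitimate thread-context change inside the caller's own process (pid 2000 in the sample) does not fire it; the standalone `SetThreadContext` rule is kept as the lower-confidence signal the report lists.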
