jupyter | 86de8294aff50b4a37ec51864f2c2ce4416db78309d64fa8ee33088f75abc5b6 | Triage

Sharing

General

Target

Ondura-Specs-and-Installation-Tips.exe
Size

300.3MB
Sample

230926-wt52ysce4w
MD5

6534e49478f1c797df13b1cb34242280
SHA1

a0878d6515159dfd4174070e6364b84987f9fcb6
SHA256

86de8294aff50b4a37ec51864f2c2ce4416db78309d64fa8ee33088f75abc5b6
SHA512

99d8a59b902b384404d4b8fddf06740baaa8aa2dc15c8b93299f138ff67c77272f136204fe11f46149ad4e633684b2ef30a3ea0b646b41924110e909e9bcaa50
SSDEEP

49152:QPZa6Jr7GhXX7KbAC0yzH444444444444444444444444444444444444444444K:Qi

Score

10^/10

jupyter backdoor stealer trojan

Malware Config

Extracted

Family

jupyter

C2

http://91.206.178.109

Targets

- Target
  
  Ondura-Specs-and-Installation-Tips.exe
- Size
  
  300.3MB
- MD5
  
  6534e49478f1c797df13b1cb34242280
- SHA1
  
  a0878d6515159dfd4174070e6364b84987f9fcb6
- SHA256
  
  86de8294aff50b4a37ec51864f2c2ce4416db78309d64fa8ee33088f75abc5b6
- SHA512
  
  99d8a59b902b384404d4b8fddf06740baaa8aa2dc15c8b93299f138ff67c77272f136204fe11f46149ad4e633684b2ef30a3ea0b646b41924110e909e9bcaa50
- SSDEEP
  
  49152:QPZa6Jr7GhXX7KbAC0yzH444444444444444444444444444444444444444444K:Qi
Score

10^/10

jupyter backdoor stealer trojan
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

jupyterbackdoorstealertrojan