jupyter | c2cae791772a0de0c4477bec746fb2e1d88961b294d7f2847cfc6563c2202c8f | Triage

Resubmissions

28-09-2023 14:40

230928-r1yh8scb2t 10

28-09-2023 14:23

230928-rqhp2adc95 8

Sharing

General

Target

install-tool.exe.zip
Size

3.2MB
Sample

230928-r1yh8scb2t
MD5

caad6f6e96dad01828a27ecba63ba984
SHA1

3856e65ffd29be39b3b7955443585dad9b38dc4c
SHA256

c2cae791772a0de0c4477bec746fb2e1d88961b294d7f2847cfc6563c2202c8f
SHA512

476b0433755515018b2401bb5ebcdfad06a3fc4f51989b9a7a9d0a0da03086bf9b444c4ecf27d194809cb340a0782b30d5b71fe18ff6584da73a6f0d1a9a4599
SSDEEP

49152:xH5ElFMhZnKbqBXrLGtxQ9O7RkzzgAn+2eM:slqOOvGbzJA+A

Score

10^/10

jupyter backdoor stealer trojan

Malware Config

Extracted

Family

jupyter

C2

http://91.206.178.109

Targets

- Target
  
  install-tool.exe
- Size
  
  300.3MB
- MD5
  
  8457f42f2b8a1f46daea28e16a235b61
- SHA1
  
  0b52c51bf6dac23155ec45e7d83119ff313f318d
- SHA256
  
  8f536b3f85b999cf0a899de83523c8fea56647e6be6880fbbc7856e1cb802902
- SHA512
  
  f33d6dd31c6896c32cd386ca5fc5ed5d931aae76dcd04648ea6e941851ac6bcb63fdfcd42b975702c35471ef53cd8cf6ee7c285e09e96152516c4096e7498db3
- SSDEEP
  
  49152:TzZa6Jr7GhXX7KbAC0yz+444444444444444444444444444444444444444444z:Te
Score

10^/10

jupyter backdoor stealer trojan
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

jupyterbackdoorstealertrojan