24-10-2023 14:11

231024-rhrb7sdd6z 10

General

  • Target

    RHX-Commercial-Operator.exe

  • Size

    304.2MB

  • Sample

    231024-rhrb7sdd6z

  • MD5

    478726693466e135a70884f3aeb4028b

  • SHA1

    e0db6e637ca70c19a407f7a34c3c11b32e4993c6

  • SHA256

    820eda2078723e7f1c09d0e6d3641ea822c2b36c981cb5bfa4e445733664c087

  • SHA512

    e5184b05cf3df16b03a6e20242adba29e18c6c38737dcd8bd8d6632417ed65f45ffdf46b35d0702bbdb3636a2f5f20d1026c051444f273b81182e79c6fa89390

  • SSDEEP

    98304:mkLHn1PlPeG10ql5TtNUI/RHZ2Y5a8n7H3:RH1kc5Ttx/R52kz7X

Malware Config

Extracted

  • Family

    jupyter

  • C2

    http:/146.70.71.135

    http://91.206.178.109

Targets

    • Target

      RHX-Commercial-Operator.exe

    • Size

      304.2MB

    • MD5

      478726693466e135a70884f3aeb4028b

    • SHA1

      e0db6e637ca70c19a407f7a34c3c11b32e4993c6

    • SHA256

      820eda2078723e7f1c09d0e6d3641ea822c2b36c981cb5bfa4e445733664c087

    • SHA512

      e5184b05cf3df16b03a6e20242adba29e18c6c38737dcd8bd8d6632417ed65f45ffdf46b35d0702bbdb3636a2f5f20d1026c051444f273b81182e79c6fa89390

    • SSDEEP

      98304:mkLHn1PlPeG10ql5TtNUI/RHZ2Y5a8n7H3:RH1kc5Ttx/R52kz7X

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15