General

  • Target

    installer-bundle 2.exe.zip

  • Size

    18.8MB

  • Sample

    231103-nhx8zabe67

  • MD5

    c3589122260cbac4080ce3b7d0b698a2

  • SHA1

    2f4ea0a5f208db3b8773faa4b0970749a394fa29

  • SHA256

    8644d2766bba6fd0c5f9b614db6e091a17d00585d259e37fc8466e0a53287083

  • SHA512

    adc21006ea4e3e3555572dd0d93c673d291ca0a353bd41da5770743a4e505955c3cdef2a4c6a5e5270bdd2297a327bcbd5d688c5bc067c32b57eba4934ef90fc

  • SSDEEP

    393216:zRs2qGmkIi2NyKyQyxYoLlCVvHt88Z12bRUO6G0ZFomDp6:Kumk2NyKbG8NVZ1uB6G0nFD8

Malware Config

Extracted

  • Family

    jupyter

  • C2

    http://91.206.178.109

Targets

    • Target

      installer-bundle.exe

    • Size

      317.1MB

    • MD5

      af6c44207d3af97297eab0ee12e1dc80

    • SHA1

      84a3780b2cbe1353aa72074cf69a8a6df353af56

    • SHA256

      bd6d8c48c1faad08dc110393275243acb0f5c7c8884d8c6663d2538cced4ad8e

    • SHA512

      e536c119caf85895608ce0d6d99b81bfcb1240d842b246daefa923596ec225544ce36abd1c7da0e6909b80ffa37db6152570c64d2ba0c3d83af30aafba040c21

    • SSDEEP

      393216:bqkG8OOkkGZ8Amek9iClXuv9PmcdbALPcOQe+F7oIuzE:28OeGZ8A/AEhdbgNQe+xzuY

    • Jupyter, SolarMarker

      Jupyter (also tracked as SolarMarker) is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
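The signatures above describe three things an analyst would want to confirm on a host: that a downloaded payload is really an MZ/PE image, that a file on disk matches one of the report's hashes, and that a process talked to the extracted C2. The following script is an added example written for this page, not code from the sandbox or from the Jupyter/SolarMarker operators; it ties those checks to the report's own indicators. The SHA256 values and the C2 address are taken from the report; the proxy-log line format, the process name in the sample log, and the minimal PE header bytes are constructed for illustration and are not from the page.

```python
import hashlib
import re
import struct
from typing import List, Optional, Tuple

# File hashes and C2 host from the report above.
IOC_SHA256 = {
    "8644d2766bba6fd0c5f9b614db6e091a17d00585d259e37fc8466e0a53287083": "installer-bundle 2.exe.zip",
    "bd6d8c48c1faad08dc110393275243acb0f5c7c8884d8c6663d2538cced4ad8e": "installer-bundle.exe",
}
IOC_C2_HOSTS = {"91.206.178.109"}


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub whose e_lfanew (offset 0x3C)
    points at a 'PE\\0\\0' signature; this is what 'Downloads MZ/PE file' keys on."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # A slice past the end of the buffer is short, so the comparison fails safely.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def lookup_digest(sha256_hex: str) -> Optional[str]:
    """Map a SHA256 hex digest to the report's target name, or None if unknown."""
    return IOC_SHA256.get(sha256_hex.lower())


def hash_matches(data: bytes) -> Optional[str]:
    """Hash file contents and check them against the report's SHA256 IOCs."""
    return lookup_digest(hashlib.sha256(data).hexdigest())


# Assumed proxy-log layout (constructed for this example):
#   <timestamp> <process> <method> <url> <status> <bytes>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proc>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$"
)
HOST_RE = re.compile(r"^https?://([^/:]+)")


def find_c2_hits(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (process, url) pairs for requests whose host is a known C2."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line, skip rather than crash mid-triage
        host = HOST_RE.match(m["url"])
        if host and host.group(1) in IOC_C2_HOSTS:
            hits.append((m["proc"], m["url"]))
    return hits


def build_minimal_pe() -> bytes:
    """Constructed stand-in for a downloaded PE: MZ stub, e_lfanew = 0x40, 'PE\\0\\0' at 0x40."""
    hdr = bytearray(0x44)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


# Constructed sample log; the process name and timestamps are illustrative only.
SAMPLE_LOG = [
    "2023-11-03T12:00:01Z installer-bundle.exe GET http://91.206.178.109/ 200 5123",
    "2023-11-03T12:00:02Z msedge.exe GET https://example.com/ 200 14001",
    "garbage line that does not parse",
]


def triage(data: bytes, log_lines: List[str]) -> dict:
    """Run all three checks and return the findings as one dict."""
    return {
        "is_pe": is_pe(data),
        "hash_match": hash_matches(data),
        "c2_hits": find_c2_hits(log_lines),
    }


if __name__ == "__main__":
    print(triage(build_minimal_pe(), SAMPLE_LOG))
```

The PE check deliberately stops at the `PE\0\0` signature rather than parsing the optional header: for triage the question is only whether the blob is executable, and a short or truncated buffer must not raise. Matching on SHA256 alone is enough for exact-copy detection, but the SSDEEP values in the report are what you would reach for when the sample has been repacked and the exact hash no longer matches.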

MITRE ATT&CK Enterprise v15

Tasks