General

  • Target

    installer-bundle.exe.zip

  • Size

    18.8MB

  • Sample

    231107-sd4x6sah8z

  • MD5

    34fb927e4c2be642a1ee7c4e37859181

  • SHA1

    2a94e4651a232c9f07bf436b53c959011cf2f2ed

  • SHA256

    05476886b480e7324583da1cc47c7bc545c042c27788683c4244300b3b6464f1

  • SHA512

    f49fb84f320f3dce783f6289d473dc09a7f269373d8108ab382e91339180f4785a8e0498b3a7bd74b61e6b4baad8a68db889c28838fc4a76d3ac5e8fcecb5d86

  • SSDEEP

    393216:cmtQS6gOmMukPq4k8MdCs1JwTVfYsq75QdP4uCwqPHo0LC:4IOgkPq4lyoy75KfCwqP7LC

Malware Config

Extracted

Family

jupyter

C2

http://212.237.217.136

http://78.135.73.176

Targets

    • Target

      installer-bundle.exe

    • Size

      317.1MB

    • MD5

      1977641039583fade1b370ab3c923e21

    • SHA1

      83e0825a04bb26863a5fbcf22e93df6df0478f05

    • SHA256

      5abc14737cb65a1e645bd5a2e3301b0e3e1e861a184034a6cc67ce57ee38f448

    • SHA512

      4d49651ddfddbb84e7c257e90790c802a02e54e1288920fae518c1a2f865914ba7a90ecc2a0a4f3106c2f8017ed32320a791a8e8b6eb685dd189bdf21437bee7

    • SSDEEP

      393216:XkG8OOkkGZ8Amek9iClXuv9PmcdbALPcOQe+F7oICw:X8OeGZ8A/AEhdbgNQe+xzCw

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks