General

  • Target: install-tool.exe.zip
  • Size: 7.7MB
  • Sample: 231122-t1eggadf67
  • MD5: d84049cc950621bd7456a69b893f1386
  • SHA1: b662666abbc70206c757b407d26d17ef05e3234d
  • SHA256: 3a7b0405708dbb541e9a134ae8b16765cd3df0edd5661590d48a6e1a75e184e7
  • SHA512: 037e4cf48a1844331439ff54029597399c36e9c69d76337ed46afc5cab672fa1fe89ab4c310980e0d367f06dfc8d10e92089c9be85c3d9c2cedb90203533395f
  • SSDEEP: 196608:mlijbuKQwYNBPC46m5oBFPFbo8Mr5lNVe:ml8uKZYNBPC462ovPMU

Malware Config

Extracted

  • Family: jupyter
  • C2: http://91.206.178.109

Targets

    • Target: install-tool.exe
    • Size: 316.5MB
    • MD5: 3a2d847492d51b9d953d04de42708cff
    • SHA1: 4080c96438a31822d2b994a8ef235475b360b271
    • SHA256: dd2e32461bc4ee417a49566db06f29cf84aef11577c9648f4b3f62ac0edf354e
    • SHA512: ee5f1b8fc852739fd5cc03c1f04155da98dd4299e863aea89cde2a9f87fb0abed838fdf59ce812b72278d67362b3071413aba99392ad98430f56ed9afceda5fd
    • SSDEEP: 49152:G4iuxDqN1I1F0qYRWUTnvn8y00sCSLT7VCizOrfXhHf3pMoA/5ymH9IdxvYCUfff:Gg

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Drops startup file

MITRE ATT&CK Enterprise v15

Tasks