General
Target: installer-bundle.exe.zip
Size: 8.6MB
Sample: 231201-tpnk1ade9v
MD5: 1876f22122c10e270f6d2bfa5b6a507f
SHA1: 61e15be1434d0c897ea30121a16c90208fe0baec
SHA256: 9ed713aab05f4d8d6c3483283b23c3f7dd68d7b7d03d85a2b906f70ee9240815
SHA512: cc535cd833ec30055e2de747f41b6f34a370821549ee0b113935af95c5575ab58db2da8c3f9f7a154b39617000e21601b345893c97db622ca171b0f1d821024b
SSDEEP: 98304:2jGdEU9j8ILeadLzYTG66K8ZTAcYVTJK6vgIgL/gJoimZEp0fVCFBFHaY7m2j7Hm:sDINoq66ZTzYVjgrLIJoimZteb68rXG
Static task: static1
Behavioral task: behavioral1
Sample: installer-bundle.exe
Resource: win7-20231025-en
Malware Config
Targets
Target: installer-bundle.exe
Size: 297.0MB
MD5: 89201ce10536a148d50965df4e4369b3
SHA1: 01f86c9b588dc0581f2395f94ee741b3d93a5b37
SHA256: f88a27309d2915e04cd8ccac850db250f214ade9ce0fe38029f0214283ebb5c4
SHA512: 347d9f7ffad6c003ad093fae1c6eef87ea6947d0e9f0090a0a874f8ea5200160f15ef0ad359f566f592c96e498946889915e1fb3822abb85dd3c717e95a82dfa
SSDEEP: 196608:DJyNdoogJhRAV1Ptfq58Kmrax9r222222222222222222222222222222222222P:lcdoNhC/Ptgmyczm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL