General

  • Target: 9ed713aab05f4d8d6c3483283b23c3f7dd68d7b7d03d85a2b906f70ee9240815.zip
  • Size: 8.6MB
  • Sample: 231202-k7pfksbb89
  • MD5: 1876f22122c10e270f6d2bfa5b6a507f
  • SHA1: 61e15be1434d0c897ea30121a16c90208fe0baec
  • SHA256: 9ed713aab05f4d8d6c3483283b23c3f7dd68d7b7d03d85a2b906f70ee9240815
  • SHA512: cc535cd833ec30055e2de747f41b6f34a370821549ee0b113935af95c5575ab58db2da8c3f9f7a154b39617000e21601b345893c97db622ca171b0f1d821024b
  • SSDEEP: 98304:2jGdEU9j8ILeadLzYTG66K8ZTAcYVTJK6vgIgL/gJoimZEp0fVCFBFHaY7m2j7Hm:sDINoq66ZTzYVjgrLIJoimZteb68rXG

Malware Config

Targets

    • Target: installer-bundle.exe
    • Size: 297.0MB
    • MD5: 89201ce10536a148d50965df4e4369b3
    • SHA1: 01f86c9b588dc0581f2395f94ee741b3d93a5b37
    • SHA256: f88a27309d2915e04cd8ccac850db250f214ade9ce0fe38029f0214283ebb5c4
    • SHA512: 347d9f7ffad6c003ad093fae1c6eef87ea6947d0e9f0090a0a874f8ea5200160f15ef0ad359f566f592c96e498946889915e1fb3822abb85dd3c717e95a82dfa
    • SSDEEP: 196608:DJyNdoogJhRAV1Ptfq58Kmrax9r222222222222222222222222222222222222P:lcdoNhC/Ptgmyczm

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15