General

  • Target

    DDWUROXXX016695-C.627bd8107eb13099-F.CLP6DRN1R8BL6.zip

  • Size

    19.4MB

  • Sample

    231208-a6kqwshf7z

  • MD5

    e4221a60f7a114c2ca673873b8705013

  • SHA1

    b3866706a945339d64221150c9a5dfc3e306c2ee

  • SHA256

    ad9b05f44392fa14fb8d8473dc4ad0fd309d51769cd6f7208f087478c84a0e23

  • SHA512

    9b95eccaa8926dba83bea974163771fc097bdd23a80d36a7c7b97cf6c8d0cee5c1cfd326566dfbfa69132a93f07812425295782fc987a1970f37313978850d27

  • SSDEEP

    393216:DxCVmcvcjPV34GYEcSYhdI3ZZCznYSP1BX0kajKRmtb+:DxCItEEqhdYPSP1tN8g

Malware Config

Targets

    • Target

      uploads/ntfs/%5C%5C.%5CC%3A/Users/RSturm/Downloads/How-to-Write-an-Executive-Summary.exe

    • Size

      307.8MB

    • MD5

      70d800fff565ff61a5939ce9d68f9fd0

    • SHA1

      4307197a42bed4983d62b60e47fc49ccad12e9bb

    • SHA256

      15b1673b69a09679af01392fc16e19d8c899f310fa6cfe062cdf8020fd572993

    • SHA512

      3e1dada60db411cf6522be878f87fc92943a0bec50918784c1229e6eac46841aafc0864f954e4d9c39b70fe37fece91f543c3ca6e596cec12c00eb48d814746c

    • SSDEEP

      393216:K0wdub0PsZT46G6wKyQmpQDTzqqrlnVr54FwIjug4zn:K0wc9HwGmpU3nV+uHfD

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks