Overview

overview

10

Static

static

3

AppInstall...ed.exe

windows10-1703-x64

10

AppInstall...ed.exe

windows10-2004-x64

10

AppInstall...ed.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AppInstaller_patched.exe

  • Size

    4.2MB

  • Sample

    240220-ysjhnsec8v

  • MD5

    c47bfc7c4fbb500ff86e3297bb23ed7e

  • SHA1

    0445151068909c5f0e53d0b4a6e76d880f6011bc

  • SHA256

    64f542d734cbf1b95165607c3b280807c99c9f2594c61afdf409a6151aa94a8e

  • SHA512

    5b37d151bb48fca4886c05edb9d070341038c63fdf4766e746e82efd1ee27ac34df69fcd90279043d6c396b16d484632167cb77f50b745e43be992b914e45a46

  • SSDEEP

    49152:961dzQ1n9ZKWf6yP6vnG8lP2JONqf0rjPCa5s4oGhXI:AXI

Score
10/10
jupyterbackdoorstealertrojan

Malware Config

Targets

    • Target

      AppInstaller_patched.exe

    • Size

      4.2MB

    • MD5

      c47bfc7c4fbb500ff86e3297bb23ed7e

    • SHA1

      0445151068909c5f0e53d0b4a6e76d880f6011bc

    • SHA256

      64f542d734cbf1b95165607c3b280807c99c9f2594c61afdf409a6151aa94a8e

    • SHA512

      5b37d151bb48fca4886c05edb9d070341038c63fdf4766e746e82efd1ee27ac34df69fcd90279043d6c396b16d484632167cb77f50b745e43be992b914e45a46

    • SSDEEP

      49152:961dzQ1n9ZKWf6yP6vnG8lP2JONqf0rjPCa5s4oGhXI:AXI

    Score
    10/10
    jupyterbackdoorstealertrojan

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid 2020.

      backdoortrojanstealerjupyter

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks