jupyter | fbef401c6a7ad24640f6b6583aa0d0fa02aa895c47ab08e68b0e6e312d1b42a5 | Triage

Submit
Reports

Overview

overview

Static

static

7

StatesFenc...ee.exe

windows7-x64

9

StatesFenc...ee.exe

windows10-2004-x64

Resubmissions

05-03-2024 23:31

240305-3hsqtace5s 10

05-03-2024 18:08

240305-wq4dysdc2y 10

Sharing

General

Target

StatesFenceStatutesTennessee.exe
Size

327.7MB
Sample

240305-wq4dysdc2y
MD5

7e25fdb1932480e3e6ec31b22d08c19e
SHA1

0dfca2e6c1c89b1e85fdbb9da31a93964db7b826
SHA256

fbef401c6a7ad24640f6b6583aa0d0fa02aa895c47ab08e68b0e6e312d1b42a5
SHA512

2bb81a8ddda7ef4bbc9508c7c80f56b5a00215674ad38e442937c42a2ecdf4e827b906b97bf63c67c36dd0a7ef78d2c6b5b6202d96516ece8b5d2dbd355f8326
SSDEEP

196608:99GeDVI5DKBWZlkgJedYs6LtYdEhqTgKDf:9kYVI5DK2NNs6LtYdEhSpz

Score

10^/10

jupyter agilenet backdoor evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

StatesFenceStatutesTennessee.exe

Resource

win7-20240221-en

agilenet evasion themida trojan

windows7-x64

7 signatures

1800 seconds

Behavioral task

behavioral2

Sample

StatesFenceStatutesTennessee.exe

Resource

win10v2004-20240226-en

jupyter agilenet backdoor evasion stealer themida trojan

windows10-2004-x64

17 signatures

1800 seconds

Malware Config

Targets

- Target
  
  StatesFenceStatutesTennessee.exe
- Size
  
  327.7MB
- MD5
  
  7e25fdb1932480e3e6ec31b22d08c19e
- SHA1
  
  0dfca2e6c1c89b1e85fdbb9da31a93964db7b826
- SHA256
  
  fbef401c6a7ad24640f6b6583aa0d0fa02aa895c47ab08e68b0e6e312d1b42a5
- SHA512
  
  2bb81a8ddda7ef4bbc9508c7c80f56b5a00215674ad38e442937c42a2ecdf4e827b906b97bf63c67c36dd0a7ef78d2c6b5b6202d96516ece8b5d2dbd355f8326
- SSDEEP
  
  196608:99GeDVI5DKBWZlkgJedYs6LtYdEhqTgKDf:9kYVI5DK2NNs6LtYdEhSpz
Score

10^/10

agilenet evasion themida trojan jupyter backdoor stealer
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agilenetevasionthemidatrojan

behavioral2

jupyteragilenetbackdoorevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy