jupyter | ddfd72d4bf18b66dab7f2c25ec3109b9de4cdccb8d7e59695bec8a1d60d3a17e | Triage

Sharing

General

Target

Tools-Invoice.pdf (1).zip
Size

3.5MB
Sample

240309-aef9dsac78
MD5

2e96fb658ea4d43fe3dd89cc16339e43
SHA1

e31007aa860c9394ecd0a2557e63235cf3454ea1
SHA256

ddfd72d4bf18b66dab7f2c25ec3109b9de4cdccb8d7e59695bec8a1d60d3a17e
SHA512

2fb188ced1cfcc353a0ac4bbbe134ae4633586db6ad232f306624bf881f1d364e87519b489c50d8d514ffceeed9ecaafc65e478027a0b7e5dd83357020a0f137
SSDEEP

49152:WjKhYNuvZEZ3PytGAU1Z5/LBeoyZlX1wH6KzlBxFKfDfOt:WjKhwI0qtv8ALL1jyXHuDfI

Score

10^/10

jupyter backdoor stealer trojan

Malware Config

Extracted

Family

jupyter

C2

http://146.70.71.174

Targets

- Target
  
  Tools-Invoice.pdf (1).exe
- Size
  
  272.0MB
- MD5
  
  19ec298f977fdc71f195a4782fa8b156
- SHA1
  
  4a6035ce7510a7cc02bb785244e2cfcaec89131d
- SHA256
  
  32b42c8c10ce7ec03005931d079fe7bb7f0e5b36bcf57a789081c6f7787e630c
- SHA512
  
  d8cd8e043c24998d41b06ed0de8a8628389dab04be583094e68f5660ccc666dc260367297d373c800869fe36878aa8730fe35c2eb0b1e6631c0c2fec338b2391
- SSDEEP
  
  49152:Uj+t6IRUEFX1PVv3Gfbs8HuQq1nvHol6Kz3DfjkJO:Uj+tNtV/AAFBH9yzLt
Score

10^/10

jupyter backdoor stealer trojan
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jupyterbackdoorstealertrojan

behavioral2

jupyterbackdoorstealertrojan