General

  • Target

    a726624d2ca09282a768076c02671b39_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240403-1cjvlsdc9v

  • MD5

    a726624d2ca09282a768076c02671b39

  • SHA1

    af2d7f5242c62865c436534942ff99638a797b80

  • SHA256

    5bdc8baa36f16e24a3d4fab46ccd9d599a652dc8d9daa7b0329d485a427a5ca8

  • SHA512

    4da0496d1ad733e69ab7127d44e6bc93531471235e6ec99afcc4bd9fb9b574279833ae4d3df57d0c4938aeb6a674411347d307cecde9d893bc94468765a25861

  • SSDEEP

    24576:bazOu2aXNy7F9mtVDBYz6U3gtaOiuq6DediiERU2kFVRdVw/y0zXb:bazX2aXNy7X0hBnU33Oiuq6SdEU2YVRW

Malware Config

Extracted

  • Family

    jupyter

  • Version

    OC-7

  • C2

    http://149.255.35.179

Targets

    • Target

      Free-Blank-Business-Card-Templates.msi

    • Size

      101.8MB

    • MD5

      8213911a074f0b37b018ab4c14e5b4a5

    • SHA1

      84fbbfa8104318df77ec1b229c06b6e343bcea15

    • SHA256

      c61348ab7e5ffeb9ba5d1077b13c49bde4d841c5ada9a119f8234af89421f783

    • SHA512

      9f8baf44b58f7b79ed01c0dbb1f492b7caa651df7507e6b780278dc238645f51199fc4105b59def5e7136aa7f59f7d51740aa85eef684056b35e06b057fcc9a5

    • SSDEEP

      49152:WwxcLDe+cpl7+GgyV27HgTrztiIpqtSZFI6UUUUUUUUUUUUUUUUUUUUUUUUUUUUx:xa/MpZugTFZFIYN

    • Jupyter Backdoor/Client payload

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Drops startup file

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks