Extracted

• • Target

    Free-Business-Partner-Contract-Template.msi

  • Size

    109.5MB

  • MD5

    44d70c2dd1cdcfc30df95a6b676dc326

  • SHA1

    93846f239ecf71c1a8e067f880070a814868060b

  • SHA256

    0adfbce8a09d9f977e5fe90ccefc9612d1d742d980fe8dc889e10a5778592e4d

  • SHA512

    108cd1b9cb1fd387d20a06edc0be0e3e00ffc3b2dfe4d5dd636cd642072fa740311824dbdd1b403d8b650fc57d450dbae324ef2e22bed67f5467b6b4095aa80d

  • SSDEEP

    98304:TYsfUbJeGKExXADDHY2P9m6E1tsg/qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqm:TfUdD3xwXHY206y4LY

  Score

  10^/10

  discoveryjupyterbackdoorstealertrojan

  • Jupyter Backdoor/Client payload

  • Jupyter, SolarMarker

    Jupyter is a backdoor and infostealer first seen in mid 2020.

    backdoortrojanstealerjupyter

  • Drops startup file

  • Blocklisted process makes network request

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  behavioral1behavioral2