General

  • Target

    eaf0a33663ec3456f79f6f8cd9bafd06_JaffaCakes118

  • Size

    13.5MB

  • Sample

    240410-ndgqesdf93

  • MD5

    eaf0a33663ec3456f79f6f8cd9bafd06

  • SHA1

    10c7260e75fff37edc0d03407d821983b4a2e527

  • SHA256

    c90b059163c2e19952d3223afb985ae950c35060a8cb39560bcbd1b4c398884d

  • SHA512

    ba9a2f89619e4711317b88053fc0317171defef99db674ab61ea512e89fb92c3364176f4db193de8684247b9a5f32d5a67332e56c2703cd63d63bf74e0ca7937

  • SSDEEP

    393216:ynJP39Z2sW50wLe15VDtQx6So8RZEiwf/GTLF:yJfLqrLecXokZEiKAF

Malware Config

Extracted

  • Family

    jupyter

  • Version

    IN-5

  • C2

    http://46.102.152.102

Targets

    • Target

      77fa1b6fc7f192b0c983d1f8ecc73effae4f688a49439a7df27e76cfba870d23

    • Size

      111.3MB

    • MD5

      0528d25fbaff11e69be186da25057e70

    • SHA1

      bfd60e47cdedd1f0f1a1e6a3b9d0dcee72537120

    • SHA256

      77fa1b6fc7f192b0c983d1f8ecc73effae4f688a49439a7df27e76cfba870d23

    • SHA512

      ff4d9c6f764dce822e669f2b20811e6fa1a98a21db37ad464621a1252e6ba75619c650001b5e699876903324d3d151a7a859abf27d68e6f54143bbc2b89f0af3

    • SSDEEP

      393216:2YQJsv6tWKFdu9Ct3KXFmvflTsvQsFF8c3E9YjhHt1ew5vHNTAEN7RW11vQ6iRxV:D23mmvNTsec3E9shN1ew5A5BMvOc

    • Jupyter Backdoor/Client payload

    • Jupyter, SolarMarker

      Jupyter (also tracked as SolarMarker) is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to selected regions.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
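The hashes and C2 above are the indicators an analyst would pivot on. The following script is an added example, not part of the sandbox report: it copies the report's MD5/SHA1/SHA256 values for the submitted sample and the dropped payload, verifies a file against them (requiring all three digests to agree rather than a lone MD5 hit), and scans proxy log lines for connections to the C2 host. The file bytes and the Squid-style log lines are constructed here so it runs offline; the log format and field order are assumptions.

```python
"""IOC checks for the Jupyter/SolarMarker report above (added example, not report content)."""
import hashlib
import sys
from urllib.parse import urlparse

# Indicators copied from the report: the submitted sample and the dropped payload.
REPORT_HASHES = {
    "eaf0a33663ec3456f79f6f8cd9bafd06_JaffaCakes118": {
        "md5": "eaf0a33663ec3456f79f6f8cd9bafd06",
        "sha1": "10c7260e75fff37edc0d03407d821983b4a2e527",
        "sha256": "c90b059163c2e19952d3223afb985ae950c35060a8cb39560bcbd1b4c398884d",
    },
    "dropped payload": {
        "md5": "0528d25fbaff11e69be186da25057e70",
        "sha1": "bfd60e47cdedd1f0f1a1e6a3b9d0dcee72537120",
        "sha256": "77fa1b6fc7f192b0c983d1f8ecc73effae4f688a49439a7df27e76cfba870d23",
    },
}
C2_URL = "http://46.102.152.102"  # from the extracted config
C2_HOST = urlparse(C2_URL).hostname

# Constructed proxy log lines (assumed "ts client method url status" layout, not from the report).
# The last line is a different host that merely contains the C2 address as a suffix.
SAMPLE_PROXY_LOG = """\
1712742000.113 10.0.0.15 GET http://46.102.152.102/ 200
1712742001.540 10.0.0.15 POST http://46.102.152.102/api/report 200
1712742002.002 10.0.0.22 GET http://update.example.test/patch 200
1712742003.771 10.0.0.15 CONNECT 146.102.152.102:443 200
"""


def file_digests(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a byte string, computed in one pass."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for h in hashes.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashes.items()}


def match_report(digests: dict, report: dict = REPORT_HASHES) -> dict:
    """Map each report entry to the set of digest names that agree with it.

    Only entries with at least one agreeing digest are returned. A full match is
    the set {"md5", "sha1", "sha256"}; anything less means the file is not the
    one the report describes (MD5 alone is not a trustworthy identity).
    """
    matches = {}
    for name, expected in report.items():
        agreed = {k for k, v in expected.items() if digests.get(k) == v}
        if agreed:
            matches[name] = agreed
    return matches


def find_c2_hits(log_text: str, c2_host: str = C2_HOST) -> list:
    """Return (timestamp, client) for every log line whose destination host is the C2.

    The host is parsed out of the URL and compared exactly, so 146.102.152.102 does
    not match on a substring basis.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        target = parts[3]
        host = urlparse(target if "://" in target else "//" + target).hostname
        if host == c2_host:
            hits.append((parts[0], parts[1]))
    return hits


if __name__ == "__main__":
    # With a path argument, hash that file and compare it to the report; otherwise
    # run against constructed bytes so the script demonstrates the mismatch case.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"constructed sample bytes"
    print("hash matches:", match_report(file_digests(data)) or "none")
    print("C2 hits:", find_c2_hits(SAMPLE_PROXY_LOG))
```

Run it as `python check_iocs.py <sample>` to confirm a file is the one the report covers; a result of `none` means the analyst has a different file, which is more common than an MD5 collision but worth ruling out before reusing these findings.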

MITRE ATT&CK Matrix (ATT&CK v13)

Technique (count of matched signatures)

Defense Evasion

  • Subvert Trust Controls (T1553): 1

  • Install Root Certificate (T1553.004): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks