Overview

overview

10

Static

static

1

bundle.exe

windows7-x64

1

bundle.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb85c97c81b9ac1293cb4b70c60a790e7f7785a1d0d522643e04c01b87d381f4.zip

  • Size

    3.9MB

  • Sample

    240413-bv4v3acf8s

  • MD5

    f54b6d787fd36793b2ac7ac892d53a43

  • SHA1

    59143f20d2172fe99034ef47530492fe355ff760

  • SHA256

    fb85c97c81b9ac1293cb4b70c60a790e7f7785a1d0d522643e04c01b87d381f4

  • SHA512

    05cdb02a68fe7b5b90c8fb6940ca815e64591cc88da52525398135e9dca94e29b441301094e3610009034d2d780de43832f19ca8c8de4d1232141d65840ebb8d

  • SSDEEP

    49152:TmyGeFiTDcE35qCQRgjNDyHTpHeoqgiIY2PrNG:T8fZ3ACwLzpH5q14jE

Score
10/10
jupyterbackdoorstealertrojan

Malware Config

Extracted

Family

jupyter

C2

146.70.40.235

Targets

    • Target

      bundle.exe

    • Size

      312.7MB

    • MD5

      2ff0830e9343f26b8461deecad326a5b

    • SHA1

      032541368454139c35e2e23a1a57ed21388e8dfd

    • SHA256

      4788925332fc6128c895b0e0736a1d7d90e3891f2abb456523cbf0c1ced7d1e2

    • SHA512

      3eaf18e994cb0ee3c4b82aa8cf6468c0e176cd37d6d01dda153f2f9147c4c6e919a02587b5f706cce52038581791aaa573f0b11800095aa982d34127c4fa8350

    • SSDEEP

      49152:yYCAeB2lr71SuRLZlhfyqeuvUm/q1pstArpE12kqRgTHj+lVKgV:qV

    Score
    10/10
    jupyterbackdoorstealertrojan

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid 2020.

      backdoortrojanstealerjupyter

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks