General

  • Target: f17761a0d7752d13f0e97668ad015d19_JaffaCakes118

  • Size: 13.5MB

  • Sample: 240415-tpzm9sch6s

  • MD5: f17761a0d7752d13f0e97668ad015d19

  • SHA1: f34fbe33f36406254fd2780878882aef4c399cdc

  • SHA256: 697cb7e261bc5afa0968304b1401b1d8219ad4f6c734d3fe1bde0aca1e626894

  • SHA512: 6a6c234c06bb28877e6bab9f28f9f5bd1ca3e0414ade3241faf75449bfaf752386f67a28f1ad6303152f0cd82daeb6263789643e745e7fb76e7a7baeef231d14

  • SSDEEP: 393216:BX63g7HqV1hKUF09LiIvqHBrT8No/DcMW7L1AAp:8weV1hKDy3q55p

Malware Config

Extracted

  • Family: jupyter

  • Version: IN-7

  • C2: http://46.102.152.102

Targets

    • Target: 032b09bbf1c63afc06afb011d69bafc096d7d925d99e24e3785db5a2957358ec

    • Size: 111.4MB

    • MD5: 4112664345f851b2f3e1b7f19fedd41b

    • SHA1: 871f5c20f9af3e77157d88e5b518f0f2d506c3a0

    • SHA256: 032b09bbf1c63afc06afb011d69bafc096d7d925d99e24e3785db5a2957358ec

    • SHA512: 3d9dfa5b04106c113e99f6f57645c702b85a802489773e804aee287ef2cd28b3d04b59ab121d32222c066ce46812adafdb86e1f3d1cf0a7b20ee35f752277571

    • SSDEEP: 786432:Q22mmvNTsec3E9shN1ew5A5BMvj2222222222222222222222222222222222222:HFmVTTgE9QA5G7u

    • Jupyter Backdoor/Client payload

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

  • Subvert Trust Controls (T1553): 1

  • Install Root Certificate (T1553.004): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks