Overview

overview

10

Static

static

3

bundle_patched.exe

windows10-1703-x64

10

bundle_patched.exe

windows10-2004-x64

10

bundle_patched.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bundle_patched.exe

  • Size

    3.8MB

  • Sample

    240419-a59zdsbf72

  • MD5

    0de7aa81e0423fca43986c3b90e1eb7d

  • SHA1

    e89f3aa2fd4122a73ba1652e9a1d2bdcb8cf27a6

  • SHA256

    720a309d0ef91af20731ff1932403413fa5e2b925a5aca7ac19336a9f9e8295e

  • SHA512

    31cce3d0dd1dbaeba87edaac7560a03b2f4d4bb827145c2355127058014e3dbe0aaf3ea59b58ca8896249c79b2580da89810a2e1ae09866f71e155e43872e958

  • SSDEEP

    49152:rYCAeB2lr71SuRLZlhfyqeuvUm/q1pstArpE12kqRgTHj+lVKgi:ji

Score
10/10
jupyterbackdoorstealertrojan

Malware Config

Extracted

Family

jupyter

C2

146.70.40.235

Targets

    • Target

      bundle_patched.exe

    • Size

      3.8MB

    • MD5

      0de7aa81e0423fca43986c3b90e1eb7d

    • SHA1

      e89f3aa2fd4122a73ba1652e9a1d2bdcb8cf27a6

    • SHA256

      720a309d0ef91af20731ff1932403413fa5e2b925a5aca7ac19336a9f9e8295e

    • SHA512

      31cce3d0dd1dbaeba87edaac7560a03b2f4d4bb827145c2355127058014e3dbe0aaf3ea59b58ca8896249c79b2580da89810a2e1ae09866f71e155e43872e958

    • SSDEEP

      49152:rYCAeB2lr71SuRLZlhfyqeuvUm/q1pstArpE12kqRgTHj+lVKgi:ji

    Score
    10/10
    jupyterbackdoorstealertrojan

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid 2020.

      backdoortrojanstealerjupyter

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks