General

  • Target

    Tools-Invoice.pdf.7z

  • Size

    2.0MB

  • Sample

    240425-xjdqdsdf48

  • MD5

    0cdc67b3f8a598bec1e06964536d5998

  • SHA1

    99c6c928f0a7843e422a89d578175ad011ea4f10

  • SHA256

    dbba073f0c88fe42a7614b65cb8db2f5ad346fdfb1e21763288d2d73e65c9b6f

  • SHA512

    4414cd2085a1d207d4d02d0cafd33cca7fcd0faa57c2264891b088ff8fd0b872cb45bf932fe49b72ca0e6611eb165e20f9a432d6d5c8daf73ecb042b77cb2326

  • SSDEEP

    49152:ZXWm5vNti62RUJhdigVRTX1uIpEI+1ZoEatFg0uU/:z26cUJhNnEImoJFg05/

Malware Config

Extracted

  • Family

    jupyter

  • C2

    http://146.70.71.174

Targets

    • Target

      Tools-Invoice.pdf.exe

    • Size

      272.0MB

    • MD5

      19ec298f977fdc71f195a4782fa8b156

    • SHA1

      4a6035ce7510a7cc02bb785244e2cfcaec89131d

    • SHA256

      32b42c8c10ce7ec03005931d079fe7bb7f0e5b36bcf57a789081c6f7787e630c

    • SHA512

      d8cd8e043c24998d41b06ed0de8a8628389dab04be583094e68f5660ccc666dc260367297d373c800869fe36878aa8730fe35c2eb0b1e6631c0c2fec338b2391

    • SSDEEP

      49152:Uj+t6IRUEFX1PVv3Gfbs8HuQq1nvHol6Kz3DfjkJO:Uj+tNtV/AAFBH9yzLt

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid-2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Drops startup file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks