Resubmissions

19-06-2024 06:12

240619-gyadhsvhkh 10

16-09-2021 08:31

210916-keqg6scfa6 10

General

  • Target

    Due-Diligence-Checklist-For-Oil-And-Gas-Properties.7z

  • Size

    6.4MB

  • Sample

    240619-gyadhsvhkh

  • MD5

    91a459c227f20791aff59f13a66b3723

  • SHA1

    d5806d811789b753b9edcbb97412a333568bd001

  • SHA256

    c16b701105afe180c77befa58f8140f9583a1b0538d13b43e52eb2b996885124

  • SHA512

    41f8b82b6952bde961f1bbac1ccdbe88616c2ce0d4bae24e767ad3102fef13d2b7e7761d27225acc1563e8860c67d8a0a80cf895ae9f9d4c552c618db7022f69

  • SSDEEP

    196608:5Nzmn6ULLY/M33Qz4WLO1iOALKgPMnmcl8k8:bmn6UnHQM11oLZPumcly

Malware Config

Extracted

Family

jupyter

Version

SP-13

C2

http://45.42.201.248

Targets

    • Target

      Due-Diligence-Checklist-For-Oil-And-Gas-Properties.msi

    • Size

      123.1MB

    • MD5

      c4772d76029004a5512ea6e2ff3be39b

    • SHA1

      6bda1d3e855a87e5295c933994c2bf58399999e9

    • SHA256

      1197067d50dd5dd5af12e715e2cc00c0ba1ff738173928bbcfbbad1ee0a52f21

    • SHA512

      12d2c556e47d6981b17b4db641391288d7a58c6de770500294eca1ae6dbb3a4734443f634c6acf8130400c45b351e7c6c0c6a08f9f98ab3533518735496503fc

    • SSDEEP

      196608:gWbwgv5oCWjcY9NByzo3H3URiwSib+N6eXN:gWUgBoCWAfz+kRkiaNHXN

    • Jupyter Backdoor/Client payload

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid 2020.

    • Blocklisted process makes network request

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks