jupyter | b0d7b86568b29605b5b9209be95f88d7033d6ab8ae9c6c1a100b44b8ea9e02fb | Triage

Submit
Reports

Overview

overview

Static

static

1

cd51b02027...69.exe

windows7-x64

8

cd51b02027...69.exe

windows10-2004-x64

Sharing

General

Target

0e19c4e90440e8ebf974e705990fadde_JaffaCakes118
Size

11.2MB
Sample

241003-fzd8eswfrk
MD5

0e19c4e90440e8ebf974e705990fadde
SHA1

f32158810b1edf749294c8a5abe65002a3016961
SHA256

b0d7b86568b29605b5b9209be95f88d7033d6ab8ae9c6c1a100b44b8ea9e02fb
SHA512

9f334d43003629846d753bd72f6050a542a51d45f5e0c5962228ed7b9fd28ebe8456097390186eaf16b01963d9f5c461db1408a0e68f4ba2144d78f21e71b555
SSDEEP

196608:HFp6ihCMkiCuyENoLfl51tcgFcN6SX/Ndh+mnYELmgaOrHRmBPCgwG4SSyQ5C009:HFp6nMkiCqoLflnnQMUYELmX6H9gQ9M/

Score

10^/10

jupyter backdoor discovery execution stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

cd51b02027d6e08d86b90eaa03b3ecf6ea777a129b9bca1631fdf4ea278e1269.exe

Resource

win7-20240903-en

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd51b02027d6e08d86b90eaa03b3ecf6ea777a129b9bca1631fdf4ea278e1269.exe

Resource

win10v2004-20240802-en

jupyter backdoor discovery execution stealer trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

jupyter

Version

IN-13

C2

http://185.244.213.64

Targets

- Target
  
  cd51b02027d6e08d86b90eaa03b3ecf6ea777a129b9bca1631fdf4ea278e1269
- Size
  
  111.9MB
- MD5
  
  2f89be8512ad3718014b6d0968860c7a
- SHA1
  
  ba92697c07d56ad62865b39a732282c32da0169a
- SHA256
  
  cd51b02027d6e08d86b90eaa03b3ecf6ea777a129b9bca1631fdf4ea278e1269
- SHA512
  
  10b215a47d905c33ad3622a863f7b247e1245800beba0ee0cc895f691c9258487bdc30f1825f1da509463c95df6860fed6279f667c68de25063c77e7570cb8a2
- SSDEEP
  
  393216:ePzBr1SCF0LIUYuFBmY54NEZPb+ON85c9ld3:ebBrxM5YuF4jNePbHoWld3
Score

10^/10

discovery jupyter backdoor execution stealer trojan
- Jupyter Backdoor/Client payload
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

jupyterbackdoordiscoveryexecutionstealertrojan

© 2018-2024

Terms | Privacy