jupyter | 7462809739b96455ae2f24a3a0089574147185ae67d602d42db2314bdeb101b7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

00b4442af9...f9.exe

windows7-x64

8

00b4442af9...f9.exe

windows10-2004-x64

Sharing

General

Target

7d1615861d384ac64360ac3a283f5ba8_JaffaCakes118
Size

11.2MB
Sample

241029-29pykasbkp
MD5

7d1615861d384ac64360ac3a283f5ba8
SHA1

eb6bc7228d63df0b9cb27bf000fac0ada32fd36b
SHA256

7462809739b96455ae2f24a3a0089574147185ae67d602d42db2314bdeb101b7
SHA512

dc9c7f9b848e7d1a0e0c69547e0a8dafef19c718b542a550cc05a96ec6def05e3cca1edc3d67235346167c7b2ee843f200b5bde3a1728e0d31683b75a058cb31
SSDEEP

196608:YhDJWfCLnC8TLhcLzByrf3qJuW0RXL0+OJtxYDm+mgF5IRf8Pb92SeSSV+E1FP1a:YhDUCLnCwcLzBqVNqvYDm+fzII9YwyJs

Score

10^/10

jupyter backdoor discovery execution stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe

Resource

win7-20240903-en

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9.exe

Resource

win10v2004-20241007-en

jupyter backdoor discovery execution stealer trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

jupyter

Version

IL-4

C2

http://185.244.213.64

Targets

- Target
  
  00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9
- Size
  
  121.8MB
- MD5
  
  f456565c272ac8ad9d0751b76cc026bc
- SHA1
  
  d2f80b5f1d5756e890a89cca5532dabe8e466d11
- SHA256
  
  00b4442af9d1fa3ed6dacb22bd133c65278f3c0aca9c331c16035f6b77c428f9
- SHA512
  
  a890eb73154f7c292f5b608646b5303f098423b1c3476f062b71accce0dbde9f41ab170cadfd26912d747524b5dede68d9b81c4eb5147571748a40a9033dc3bc
- SSDEEP
  
  393216:4ezBr1SCF0LIUYuFBmY54NEZPb+ON8BM+:4kBrxM5YuF4jNePbH2M+
Score

10^/10

discovery jupyter backdoor execution stealer trojan
- Jupyter Backdoor/Client payload
- Jupyter family
  jupyter
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

jupyterbackdoordiscoveryexecutionstealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.