Extracted

• • Target

    installer.exe

  • Size

    2.0MB

  • MD5

    db9387b8b5328adf2898eba2851e21c7

  • SHA1

    6100a5dffa1f4d05c6ce029e1148e0f1e2649da1

  • SHA256

    a5f6c3582d8e4c4bf08ecb4389a26a0724acfbe88cb1dc55c7e6eda8fb8fde8b

  • SHA512

    ce1c97177cf16336a9f46d768360abd79a2726b80786422d62c02e2044cac590a33ef90d48bb91db19dbcdef4f4e3eb1e874078926f865317103ed12c93cefb4

  • SSDEEP

    24576:f3Romk0GRu5XJH2ORDEhkcaHQinDq76L8j4oBYJSqppoTcXuJh:f3RZvGWJ+CminQkZGoXI

  Score

  10^/10

  jupyterbackdoordiscoverystealertrojan

  • Jupyter family

    jupyter

  • Jupyter, SolarMarker

    Jupyter is a backdoor and infostealer first seen in mid 2020.

    backdoortrojanstealerjupyter

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1behavioral2