General

  • Target

    extracted-1.ps1

  • Size

    756KB

  • Sample

    241122-ce9xtasja1

  • MD5

    54a16f3dc4fc71077791305aebffef92

  • SHA1

    ce8789f854d83627f13dd4a257e63c9d0de8805f

  • SHA256

    37abfb895661e2bf39b8c68145b7d6b07e87401941dc64a3b27dd796e26f24ee

  • SHA512

    d06aa0604fdc1adb43d45ce170aabb4cb1605d96792ab055b873824963a4dec2da8f95bd58197977cf8b53c7c9d51722aee56273afec99068f8b3ac89d1b0d39

  • SSDEEP

    12288:ZdZV/VY1zxCLwFCRGnwt2DD/w8EiGK9H6KR6jptxAVdYkXqxqIgztrj:tbLXRGwtHFiJ9N6BnHqBv

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: https://download.wondershare.com/inst/pdfreader_setup_full13142.exe

Extracted

  • Family

    jupyter

  • C2

    http://185.94.191.54

Targets

    • Target

      extracted-1.ps1

    • Size

      756KB

    • MD5

      54a16f3dc4fc71077791305aebffef92

    • SHA1

      ce8789f854d83627f13dd4a257e63c9d0de8805f

    • SHA256

      37abfb895661e2bf39b8c68145b7d6b07e87401941dc64a3b27dd796e26f24ee

    • SHA512

      d06aa0604fdc1adb43d45ce170aabb4cb1605d96792ab055b873824963a4dec2da8f95bd58197977cf8b53c7c9d51722aee56273afec99068f8b3ac89d1b0d39

    • SSDEEP

      12288:ZdZV/VY1zxCLwFCRGnwt2DD/w8EiGK9H6KR6jptxAVdYkXqxqIgztrj:tbLXRGwtHFiJ9N6BnHqBv

    • Jupyter family

    • Jupyter, SolarMarker

      Jupyter (also tracked as SolarMarker) is a backdoor and infostealer first seen in mid-2020.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE
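The three behavioural signatures above, together with the extracted dropper URL, C2 address and sample hash, are enough to write a small detector. The following is an added example, not code from the sandbox report or its vendor: it re-implements "Blocklisted process makes network request", "Downloads MZ/PE file" and "Executes dropped EXE" over a constructed Sysmon-style event trace and matches the trace against the report's IOCs. The event dict layout, the script-host blocklist, the dropped-file path and the trace itself are assumptions for illustration; only the URL, the C2 and the SHA256 come from the report.

```python
"""Added example, not part of the sandbox report or its vendor's code:
re-implements the three behavioural signatures listed above and an IOC
match against the extracted config, over a constructed Sysmon-style trace.
The event layout, the script-host blocklist and the trace are assumptions."""
import hashlib
import struct
from urllib.parse import urlparse

# IOCs copied from the report.
DROPPER_URL = "https://download.wondershare.com/inst/pdfreader_setup_full13142.exe"
C2_URL = "http://185.94.191.54"
SAMPLE_SHA256 = "37abfb895661e2bf39b8c68145b7d6b07e87401941dc64a3b27dd796e26f24ee"

# Assumption: script hosts that should rarely originate their own sockets.
BLOCKLISTED_PROCESSES = {"powershell.exe", "pwsh.exe", "wscript.exe",
                         "cscript.exe", "mshta.exe"}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_known_sample(data: bytes) -> bool:
    """Hash match against the SHA256 the report gives for extracted-1.ps1."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def make_pe_stub() -> bytes:
    """Constructed 0x44-byte buffer that satisfies is_pe(), standing in for a downloaded EXE."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> right after the DOS header
    return bytes(hdr) + b"PE\x00\x00"


def evaluate(events):
    """Apply the signatures to a list of event dicts and return sorted (signature, detail) pairs.

    Event kinds (assumed shape): process_create {image,pid,ppid}, network_connect {image,pid,dest},
    file_create {image,pid,target}, http_response {image,pid,url,body}.
    """
    hits = set()
    dropped = {}  # lower-cased path of a file written during the trace -> pid that wrote it
    c2_host = urlparse(C2_URL).hostname
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        kind = ev["kind"]
        if kind == "network_connect":
            if image in BLOCKLISTED_PROCESSES:
                hits.add(("Blocklisted process makes network request", f"{image} -> {ev['dest']}"))
            if ev["dest"] == c2_host:
                hits.add(("Known Jupyter C2 contacted", ev["dest"]))
        elif kind == "http_response":
            if is_pe(ev["body"]):
                hits.add(("Downloads MZ/PE file", ev["url"]))
            if ev["url"] == DROPPER_URL:
                hits.add(("Known dropper URL requested", ev["url"]))
        elif kind == "file_create":
            dropped[ev["target"].lower()] = ev["pid"]
        elif kind == "process_create":
            # Fires when a process starts from a path that an earlier process in the trace wrote.
            writer = dropped.get(ev["image"].lower())
            if writer is not None and writer != ev["pid"]:
                hits.add(("Executes dropped EXE", ev["image"]))
    return sorted(hits)


# Constructed trace mirroring the report: powershell fetches the decoy installer,
# writes it to disk, launches it, then reaches the C2 address.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DROPPED = r"C:\Users\user\AppData\Local\Temp\pdfreader_setup_full13142.exe"
SAMPLE_EVENTS = [
    {"kind": "process_create", "image": PS, "pid": 4242, "ppid": 1000},
    {"kind": "network_connect", "image": PS, "pid": 4242, "dest": "download.wondershare.com"},
    {"kind": "http_response", "image": PS, "pid": 4242, "url": DROPPER_URL, "body": make_pe_stub()},
    {"kind": "file_create", "image": PS, "pid": 4242, "target": DROPPED},
    {"kind": "process_create", "image": DROPPED, "pid": 4300, "ppid": 4242},
    {"kind": "network_connect", "image": PS, "pid": 4242, "dest": "185.94.191.54"},
]

if __name__ == "__main__":
    for sig, detail in evaluate(SAMPLE_EVENTS):
        print(f"{sig}: {detail}")
```

Two points worth noting when adapting this: the "Downloads MZ/PE file" check validates e_lfanew rather than just the two MZ bytes, so a text response that happens to start with "MZ" does not fire; and the decoy installer URL is a legitimate vendor host, so the URL match alone is weak evidence and should only be scored together with the blocklisted-process and dropped-EXE signatures.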

MITRE ATT&CK Enterprise v15

Tasks