jupyter | 130bd757d52db74b324494e7857532bc3780094f410d05222e64cbf6ad56211a | Triage

Sharing

General

Target

JaffaCakes118_130bd757d52db74b324494e7857532bc3780094f410d05222e64cbf6ad56211a
Size

25KB
Sample

241222-em2yaaspfx
MD5

107dd2cb0039d8c5ff19e5bc2505b9c4
SHA1

69f69cabc0b3c24b26965f2a8d2575c856ec3b20
SHA256

130bd757d52db74b324494e7857532bc3780094f410d05222e64cbf6ad56211a
SHA512

e949036de67fb6336dd3c266969ad651a2a01ba8ea06b0722c6ec198adb6c4e012319b69707c36aafaa844ad5e5d07bb609275f2ade497f35dbddc48ef5f4358
SSDEEP

768:IwgHDvUUA/S15sNEvUUpwnniWFLSZfIbL2ZW2:lgjvA/S15sNyzpwniWkZgbL2ZW2

Score

10^/10

jupyter backdoor execution stealer trojan

Malware Config

Extracted

Family

jupyter

Version

SP-13

C2

http://45.42.201.248

Targets

- Target
  
  stealer.ps1
- Size
  
  1KB
- MD5
  
  221ba99f2eae353483ad100f249a2292
- SHA1
  
  5ff576e06e3dbc4aa0459c5201df3831e014c2f6
- SHA256
  
  c6f3a64385e67fb1117a3d05a454ee1f97fd8a6871e66de25d655ebc8dc87295
- SHA512
  
  a418b32d79a5291e9013aa8296fcb6128f0bea77def32ed05797903f9597a66016fd6aca24eb41478d77775035bf8fde63f54faf1c1167d402a6cd1180076973
Score

10^/10

jupyter backdoor execution stealer trojan
- Jupyter Backdoor/Client payload
- Jupyter family
  jupyter
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jupyterbackdoorexecutionstealertrojan

behavioral2

jupyterbackdoorexecutionstealertrojan