Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
22-12-2024 04:04
Static task
static1
Behavioral task
behavioral1
Sample
stealer.ps1
Resource
win7-20241023-en
windows7-x64
6 signatures
150 seconds
General
-
Target
stealer.ps1
-
Size
1KB
-
MD5
221ba99f2eae353483ad100f249a2292
-
SHA1
5ff576e06e3dbc4aa0459c5201df3831e014c2f6
-
SHA256
c6f3a64385e67fb1117a3d05a454ee1f97fd8a6871e66de25d655ebc8dc87295
-
SHA512
a418b32d79a5291e9013aa8296fcb6128f0bea77def32ed05797903f9597a66016fd6aca24eb41478d77775035bf8fde63f54faf1c1167d402a6cd1180076973
Malware Config
Extracted
Family
jupyter
Version
SP-13
C2
http://45.42.201.248
Signatures
-
Jupyter Backdoor/Client payload 1 IoCs
resource yara_rule behavioral1/memory/1628-12-0x0000000002B60000-0x0000000002B6E000-memory.dmp family_jupyter -
Jupyter family
-
pid Process 1628 powershell.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1628 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1628 powershell.exe