jupyter | 19e1c5f899e604cbdf35f80895496b193c7623a90ebb64cbf7d6eaa9bd5cc5e8 | Triage

Submit
Reports

Overview

overview

Static

static

1

9a2fafdd0e...5e.exe

windows7-x64

7

9a2fafdd0e...5e.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_19e1c5f899e604cbdf35f80895496b193c7623a90ebb64cbf7d6eaa9bd5cc5e8
Size

1.6MB
Sample

241222-gmgnfswnex
MD5

93952b7fbb805c67818676f4985591a7
SHA1

9fa63fd68bc3cad5262c2d4b177068fdf94c118c
SHA256

19e1c5f899e604cbdf35f80895496b193c7623a90ebb64cbf7d6eaa9bd5cc5e8
SHA512

6f42f5dddcd1ca569d423fe142273e014cc76ea49cb1c55a34c4c21bafcabac0a86ad839e78308ddd0f3e7e6b6df9c9f1433ec59cd02d3e8133bdc845451fe18
SSDEEP

49152:uziTuAMyw6oPeZi5iR/4xUYZE+1uXsWFgCFQSDhkVeZZ:uXxywx26cKa+cXsWiCJaAH

Score

10^/10

jupyter backdoor discovery execution link pdf stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

9a2fafdd0e7cc6266c6075432fc48e8d5c7065a1d455683dfaa4c37a9ed0825e.exe

Resource

win7-20241010-en

discovery link pdf

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9a2fafdd0e7cc6266c6075432fc48e8d5c7065a1d455683dfaa4c37a9ed0825e.exe

Resource

win10v2004-20241007-en

jupyter backdoor discovery execution link pdf stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

jupyter

Version

FB-1

C2

http://185.134.30.115

Targets

- Target
  
  9a2fafdd0e7cc6266c6075432fc48e8d5c7065a1d455683dfaa4c37a9ed0825e.bin
- Size
  
  2.2MB
- MD5
  
  0019cd9ad9aa600af414e441369de01e
- SHA1
  
  8f9350264179defcbf4e5903b0dbbc869adf4839
- SHA256
  
  9a2fafdd0e7cc6266c6075432fc48e8d5c7065a1d455683dfaa4c37a9ed0825e
- SHA512
  
  757f6b4f125a41492fed5dc5bdf151e3da9a3aef7ce6afd6b88e106c3378fe1bdecc210145230305e2808e094d3c47f33ceca9d1e9de13305a67e8bba54ee077
- SSDEEP
  
  49152:fqe3f6qeqKoubuatEiRQhVnKZF3Zsfs+rFa4mzaf0nJg4r/8m:CSiqeqKoutEi8nuwfaEcJ5H
Score

10^/10

discovery link pdf jupyter backdoor execution stealer trojan
- Jupyter Backdoor/Client payload
- Jupyter family
  jupyter
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverylinkpdf

behavioral2

jupyterbackdoordiscoveryexecutionlinkpdfstealertrojan

© 2018-2025

Terms | Privacy