jupyter | d55bef20fb35bfa047a9e798033c7b7a55b0ca0ace429e309a3d7cf67b29b8bf | Triage

Sharing

General

Target

JaffaCakes118_d55bef20fb35bfa047a9e798033c7b7a55b0ca0ace429e309a3d7cf67b29b8bf
Size

43KB
Sample

241222-hhdxfayjfk
MD5

3d270a47a320aeb46d7876e3a2963f4e
SHA1

3bae99a4be8447ddb89f7fe5c97cf015ffe2f5b5
SHA256

d55bef20fb35bfa047a9e798033c7b7a55b0ca0ace429e309a3d7cf67b29b8bf
SHA512

d9d712b834e126aade1d9c5cf7ce6f26cb3d85b5e8bfeaebae13ea78cab986e60fef585f595675b1053837d26eb60379b4c239a624523ed3f93951d60a00abe0
SSDEEP

768:C4FZN7HvLSuibLD8oOmfI4zZR/w6I3nxJE9I005L1ntpd90VVf7zIoT6VCSPS:C4FZN7H2N8EfLNR7I3nxJEe00ZluJzTr

Score

10^/10

jupyter backdoor execution stealer trojan

Malware Config

Extracted

Family

jupyter

Version

OC-12

C2

http://92.204.160.233

Targets

- Target
  
  eb6bc8b129be5249bada70182e4de5d14036b9d45db954ecfd2559da1e17053f
- Size
  
  65KB
- MD5
  
  12269047226f5871f1993084f95cf496
- SHA1
  
  b1f37fc678807b17f19cce8e31d8fd254d52eea1
- SHA256
  
  eb6bc8b129be5249bada70182e4de5d14036b9d45db954ecfd2559da1e17053f
- SHA512
  
  49be3c32c8feb9051c456195485d092d2ed448e70e29bfc9b673f87de81b5495c8dcaa51b3d0c4553d7f0fb42aaa00c81d7df7470db5444029d638968cdbcc5e
- SSDEEP
  
  1536:TB/0A9qWmZeyDuI4SAtB6aDN8wLDscn4JTIBp53L2o6E:SzZTuI4p61aDsH2yo6E
Score

10^/10

jupyter backdoor execution stealer trojan
- Jupyter Backdoor/Client payload
- Jupyter family
  jupyter
- Jupyter, SolarMarker
  Jupyter is a backdoor and infostealer first seen in mid 2020.
  backdoor trojan stealer jupyter
- Blocklisted process makes network request
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jupyterbackdoorexecutionstealertrojan

behavioral2

jupyterbackdoorexecutionstealertrojan