Extracted

• • Target

    California-Nurses-Association-Kaiser-Contract.msi

  • Size

    101.7MB

  • MD5

    d32bff7790a7a7cc09e3fd8a604e4462

  • SHA1

    8097f23668557b2dcdf6d3aca285c0d499b5c78f

  • SHA256

    3303926a6468dab25286a65bb9f3e5883a8938e6501031b3b85e21f182d1ed0d

  • SHA512

    cc5f0ff6e7121970c98efe91dff8846c0216faab8daac0102ece6110cb05d2e4504edd2b191c1f0a571a503c4ea3c51add920b22db9696e70579d5d246a43ac0

  • SSDEEP

    49152:cwxcLDe+cpl7+GgVVN7HgTrztiIpqtSZFmD:Pa/MpZGgTFZFmD

  Score

  10^/10

  discoveryexecutionpersistenceprivilege_escalationjupyterbackdoorstealertrojan

  • Jupyter Backdoor/Client payload

  • Jupyter family

    jupyter

  • Jupyter, SolarMarker

    Jupyter is a backdoor and infostealer first seen in mid 2020.

    backdoortrojanstealerjupyter

  • Drops startup file

  • Blocklisted process makes network request

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  behavioral1behavioral2