MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85060968c49db70bfae719efb76e1cdfee4d7929e95d12b0ad8c52585fbcec08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Jupyter


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85060968c49db70bfae719efb76e1cdfee4d7929e95d12b0ad8c52585fbcec08
SHA3-384 hash: c83bc54051d19fd54aaf3531cc1f355bf76c2b99523e6d097cd926458c92ebab978e65af0754b468fc6767d424e263b2
SHA1 hash: 5b00b4dfa25d16ace8654f011c84ca8ec6ad6abd
MD5 hash: 628566c6f7dd239e31971a309e76e5d1
humanhash: april-washington-uncle-connecticut
File name:solarmarker11192022.dll
Download: download sample
Signature Jupyter
Create hunting rule
File size:652'288 bytes
First seen:2022-11-19 15:34:35 UTC
Last seen:2022-11-19 17:34:48 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 12288:guIcdK1+cVEVDqnJbNAyIO7x6HEOv3a7v3YT:gu/dcVuQNAyIIzOyTY
Threatray 2 similar samples on MalwareBazaar
TLSH T135D47A043BA5C84C8B6C2BF978AB9717BB2456F3D6C29F4DC79290351A5ACF14CA10F6
TrID 38.0% (.EXE) Win64 Executable (generic) (10523/12/4)
23.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
16.3% (.EXE) Win32 Executable (generic) (4505/5/1)
7.3% (.EXE) OS/2 Executable (generic) (2029/13)
7.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter Anonymous
Tags:dll Jupyter solarmarker


Avatar
Anonymous
C2 91.206.178.132

Intelligence

File Origin
# of uploads :
2
# of downloads :
212
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/336139/
Detection(s):
SecuriteInfo.com.Win32.MalwareX-gen.31438.12178.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6378f7a8a0efd596b82ee585/reports/0f4658fa-320f-48a9-b943-4c2a4a53933a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Solarmarker
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/39e27f15-1893-46f4-bbd2-283603a4f54d
Result
Threat name:
Jupyter
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1117227
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Jupyter backdoor
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 749939 Sample: solarmarker11192022.dll Startdate: 19/11/2022 Architecture: WINDOWS Score: 60 15 Multi AV Scanner detection for submitted file 2->15 17 Yara detected Jupyter backdoor 2->17 19 Machine Learning detection for sample 2->19 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/85060968c49db70bfae719efb76e1cdfee4d7929e95d12b0ad8c52585fbcec08/
Threat name:
Win32.Trojan.Tedy
Create hunting rule
Status:
Malicious
First seen:
2022-11-19 15:35:09 UTC
File Type:
PE (.Net Dll)
AV detection:
14 of 26 (53.85%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qudas2getw3qx6xhdhx3o3q437xe26jj5forfmfnrrjfqx545qea._file
Verdict:
malicious
Similar samples:
7ecf41a88b401f08d0382f853327b61322660cb7793d9dd722190e28539c0664
Jupyter
e0f268e1bff8974b728315707386b2b2fe70fa1701047976f0911bc2622e8de0
Jupyter
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221119-s1bvxacg61/
Unpacked files
SH256 hash:
85060968c49db70bfae719efb76e1cdfee4d7929e95d12b0ad8c52585fbcec08
MD5 hash:
628566c6f7dd239e31971a309e76e5d1
SHA1 hash:
5b00b4dfa25d16ace8654f011c84ca8ec6ad6abd
Link:
https://www.unpac.me/results/b6ec0837-60c1-4339-837c-d78bbf977868/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

177a29f598e2d28ff028a196ef7cf4f6

Jupyter

DLL dll 85060968c49db70bfae719efb76e1cdfee4d7929e95d12b0ad8c52585fbcec08

(this sample)

  
Dropped by
MD5 177a29f598e2d28ff028a196ef7cf4f6
Cape
Cape
https://www.capesandbox.com/analysis/336139/

Comments