The purpose of this blogpost is to document the PowerShell used by Solarmarker. The PowerShell was first observed between Feb 2022 until May 2022 and then resurfaced in September 2022. The goal of this post is to publish information regarding the PowerShell to enable others to identify and understand what the PowerShell is doing. DetectingContinue reading “Solarmarker: The Old is New”
Tag Archives: Solarmarker
SolarMarker Bloat
The goal of this post is to document SolarMarker malware as seen between May 2022 and September 2022. This malware is also known under other names (Jupyter Infostealer, YellowCockatoo, Polazert). If you are interested in earlier forms of the malware, check out my previous blog posts. The TLDR on SolarMarker is that it has beenContinue reading “SolarMarker Bloat”
Solarmarker: by any other name
Payload SHA256: c61348ab7e5ffeb9ba5d1077b13c49bde4d841c5ada9aBackdoor SHA256: 0e673eb418c87268aa3bcb262e8e03a3f719a95a8e118ba99515c57c9aa02d38Backdoor C2: 149.255.35.179 Solarmarker (AKA JupyterInfostealer AKA YellowCockatoo AKA Polazert) is still a trending malware. According to Expel.io the malware accounted for 33% of their identified malicious payloads in September 2021. Several companies have published write-ups: they often dig deep and the writeups and detection methods often fall out of dateContinue reading “Solarmarker: by any other name”
Solarmarker: Registry Key Persistence Walkthrough
Binary: 1197067d50dd5dd5af12e715e2cc00c0ba1ff738173928bbcfbbad1ee0a52f21Infostealer: 6852699e4420f08ab63a9a4e0b126d73d0ac3d7e21da06ad77bc3fe67c9a2e1fBackdoor: 8c35f2a78e366abf2450d5882c49c69ee5cc01dba3743938b45cedc2b5dee3a3 This is a follow up blogpost regarding the malware known as Solarmarker / Jupyter Infostealer / Yellow Cockatoo / Polazert. This post can be read on its own but consider reading my first post on Solarmarker that discusses the persistence mechanism for April – May and my second post for informationContinue reading “Solarmarker: Registry Key Persistence Walkthrough”
Squiblydoo.blog 