qnodeservice | 1e60e23416feac21261eeeaf7e497410744bf5f8618a343e383651068bef1411 | Triage

Sharing

General

Target

COTIZACION #00195.jar
Size

11KB
Sample

200707-fvrnsh3qvs
MD5

dea82e5fa24ff713864dab39309766ab
SHA1

376db1ce4d3204b0701a21626682772ea8cfa86c
SHA256

1e60e23416feac21261eeeaf7e497410744bf5f8618a343e383651068bef1411
SHA512

9308b30ccdedbe19cba9e3d22aaf609e4ba2d7d2d8db52b3ff965eab0168bf0d622f007ef1f4cc333e3639304f1d15c7a9723153244acfb244ba4003416dc6cf

Score

10^/10

qnodeservice persistence trojan

Malware Config

Targets

- Target
  
  COTIZACION #00195.jar
- Size
  
  11KB
- MD5
  
  dea82e5fa24ff713864dab39309766ab
- SHA1
  
  376db1ce4d3204b0701a21626682772ea8cfa86c
- SHA256
  
  1e60e23416feac21261eeeaf7e497410744bf5f8618a343e383651068bef1411
- SHA512
  
  9308b30ccdedbe19cba9e3d22aaf609e4ba2d7d2d8db52b3ff965eab0168bf0d622f007ef1f4cc333e3639304f1d15c7a9723153244acfb244ba4003416dc6cf
Score

10^/10

trojan qnodeservice persistence
- QNodeService
  is a trojan written in NodeJS and spread via Java downloader. Utilizes stealer functionality.
  trojan qnodeservice
- QNodeService NodeJS Trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

trojanqnodeservicepersistence