qnodeservice | ef3d46672b76fdf902c7baa81c07dc16f30b32953983dfb774988b10fea826cd | Triage

Sharing

General

Target

New Order.jar
Size

11KB
Sample

200710-gdppep7v6a
MD5

69ef667c7532f2270c7fce0248204de8
SHA1

5068591969676356606cab476c5a97e6931cf10a
SHA256

ef3d46672b76fdf902c7baa81c07dc16f30b32953983dfb774988b10fea826cd
SHA512

99cfaf53c551bee15d8c020380dc5fab4f268e8d1b635d26495c8e19c53fe57c187820149a23bbd60ddf166d34980d7be80dedbb33387d131ba67f5fbc7b293f

Score

10^/10

qnodeservice persistence trojan

Malware Config

Targets

- Target
  
  New Order.jar
- Size
  
  11KB
- MD5
  
  69ef667c7532f2270c7fce0248204de8
- SHA1
  
  5068591969676356606cab476c5a97e6931cf10a
- SHA256
  
  ef3d46672b76fdf902c7baa81c07dc16f30b32953983dfb774988b10fea826cd
- SHA512
  
  99cfaf53c551bee15d8c020380dc5fab4f268e8d1b635d26495c8e19c53fe57c187820149a23bbd60ddf166d34980d7be80dedbb33387d131ba67f5fbc7b293f
Score

10^/10

persistence trojan qnodeservice
- QNodeService
  is a trojan written in NodeJS and spread via Java downloader. Utilizes stealer functionality.
  trojan qnodeservice
- QNodeService NodeJS Trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencetrojanqnodeservice