General

  • Target

    invoice.pdf.jar

  • Size

    12KB

  • Sample

    200718-y2f54p1296

  • MD5

    0e50cb4e9b25da899c46b32c503dceef

  • SHA1

    98a5551e4c9a079bf200a45a055210ed5d81868b

  • SHA256

    e8d0db564e1a959cc6e308980c5b681841c76d28ac976d99579bcc2b9ff7f420

  • SHA512

    5c24a2ab5ce9b5bb0e4835b54efaaa67abe1fb1eda10c62d54fbdb899f03aabd9674b215ded76aa01c45662a82e5d9d0ad5ed40879130f6b10dd4f401718d1b3

Malware Config

Targets

    • Target

      invoice.pdf.jar

    • QNodeService

      is a trojan written in NodeJS and spread via a Java downloader. It includes stealer functionality.

    • QNodeService NodeJS Trojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6