General

  • Target

    Product Details and Specification For New Order_076-21-7.jar

  • Size

    12KB

  • Sample

    200721-6bkeyvsc56

  • MD5

    7843ac9b285fa41873baa3425de7d725

  • SHA1

    d381507d4eabdbaaf413314a6addbb26b5960b1f

  • SHA256

    3a3961d2bb39feebdd50c84bd6d9c1d2b572ebd2bb96a9d7898ac4b7cfaee8ed

  • SHA512

    a2cc3eea6e6a34ef0a9fd760dc4bde9fea9c8994343c795330c31ede25a147479543df28dd77a0efd076bb26f0ee2d4a6a73a9adbef29b309489067b5d2d803f

Malware Config

Targets

    • Target

      Product Details and Specification For New Order_076-21-7.jar

    • QNodeService

      A trojan written in NodeJS and spread via a Java downloader. It includes stealer functionality.

    • QNodeService NodeJS Trojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks