General

  • Target

    Inv. BL_PL.jar

  • Size

    12KB

  • Sample

    200721-batcbkc7mj

  • MD5

    24d9c77865b6574dd50f830fe59668fb

  • SHA1

    70ac5db53f5416b62587b84bff700a8d1c7678ef

  • SHA256

    ba20f01565a3d7a9660f5bb5f3cbb1a9aa5bd9f085302d38d9874f99b70dde1a

  • SHA512

    0363b44403c147f5671713dd8ff0e6a6392c6013294500586472195822104845e34298f51afcf4646fe4e23adb2d78d356b7960bf2c7288d120d9500830604ae

Targets

    • QNodeService

      QNodeService is a trojan written in NodeJS and spread via a Java downloader. It uses stealer functionality.

    • QNodeService NodeJS Trojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
