qnodeservice | d47d68e878628d7e76a399021d738eb0b0d1cb2c3892220302876790b1a6c3c3 | Triage

Submit
Reports

Overview

overview

Static

static

Jiu Chang ...er.jar

windows7_x64

1

Jiu Chang ...er.jar

windows10_x64

Sharing

General

Target

Jiu Chang Co. Ltd Purchase order.jar
Size

13KB
Sample

200722-mjhsmvfc9j
MD5

eb1e10dfe6e6dfa0f583773c8ff95d30
SHA1

0e871dbd3d9aca806db001ccd06f77202a8b7757
SHA256

d47d68e878628d7e76a399021d738eb0b0d1cb2c3892220302876790b1a6c3c3
SHA512

f68e459cae33ff634223e96bc5c476d2c82479468c393a3af609ca31bf6af0bbff1ec048f2aea82ea3d960873306941f2e1b3ee9db2ec343866cf987f9337a10

Score

10^/10

qnodeservice persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Jiu Chang Co. Ltd Purchase order.jar

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Jiu Chang Co. Ltd Purchase order.jar

Resource

win10

persistence trojan qnodeservice

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Jiu Chang Co. Ltd Purchase order.jar
- Size
  
  13KB
- MD5
  
  eb1e10dfe6e6dfa0f583773c8ff95d30
- SHA1
  
  0e871dbd3d9aca806db001ccd06f77202a8b7757
- SHA256
  
  d47d68e878628d7e76a399021d738eb0b0d1cb2c3892220302876790b1a6c3c3
- SHA512
  
  f68e459cae33ff634223e96bc5c476d2c82479468c393a3af609ca31bf6af0bbff1ec048f2aea82ea3d960873306941f2e1b3ee9db2ec343866cf987f9337a10
Score

10^/10

persistence trojan qnodeservice
- QNodeService
  is a trojan written in NodeJS and spread via Java downloader. Utilizes stealer functionality.
  trojan qnodeservice
- QNodeService NodeJS Trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencetrojanqnodeservice

© 2018-2025

Terms | Privacy