Overview

overview

10

Static

static

b9f9ca1512...ca.jar

windows7_x64

1

b9f9ca1512...ca.jar

windows10_x64

10

Analysis

  • max time kernel
    21s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    05-10-2020 13:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9f9ca15126b343b8f8e249447e7ecca.jar

  • Size

    280KB

  • MD5

    b9f9ca15126b343b8f8e249447e7ecca

  • SHA1

    3aeec58ee71d24b504236d34cccbfdb5a8b5f09c

  • SHA256

    b5cb957e53ad1b9bc243dcbef4909dc0b66e4702981bd019d3e7485be891c29b

  • SHA512

    e8b035a61b32b267ac5614e7dd4d0ffd8ef53cb8cb66ef1fb25c01f3a417185c91525cd11732a2d5a8f0b0f5d66322a58696c84b0ac48e59a9dc25d878202bb8

Score
10/10
trojanqnodeservice

Malware Config

Signatures

  • QNodeService

    Trojan/stealer written in NodeJS and spread via Java downloader.

    trojanqnodeservice
  • Executes dropped EXE 1 IoCs
  • JavaScript code in executable 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\b9f9ca15126b343b8f8e249447e7ecca.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:\Users\Admin\AppData\Local\Temp\72d0bbf6.tmp
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Users\Admin\node-v14.12.0-win-x64\node.exe
        C:\Users\Admin\node-v14.12.0-win-x64\node.exe - --hub-domain revolutionsmw.com
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2388-173-0x000000C599E40000-0x000000C599E41000-memory.dmp

    Filesize

    4KB

    Download