General

  • Target

    EQUIPMENT 007.jar

  • Size

    211KB

  • Sample

    201005-cm62lg9xxj

  • MD5

    8e729c7445eb39c762c6a1b43a432c65

  • SHA1

    da090c5169c7e79be4c4d5e8c60f51716da86152

  • SHA256

    ca3fab466bd97a3a8f0d7654d2ce5dfe705760789a54bdc2fcdb3527c60fe575

  • SHA512

    337c990c1f37cbbc086ada915b26932715c5adca7f137d3ab68b884f73ec6d3181b0172f0021c440d83e25e5cddb50f25448152c8c7ef8f0e44867ba9566749a

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks