General
Target: Order30092020.jar
Size: 269KB
Sample: 201005-dpamaralde
MD5: 43db376d6d1c00b41b79d8dd5eed3e5e
SHA1: 04b307fb43cad6b2a4d8d6ec338009d55b0255e1
SHA256: f921f323a0e6f0ca53a93de02d0c5920dd4fc1ffe902c139387bf92f47e098db
SHA512: b2c2ee8e1b958954c20bf75cfb16d7c1c9aa38941dea484835be9603659adc13fbd64b3531a08b908a5e635c640a3953836fb91cb65a8de11b28805cde99f503
Static task: static1
Behavioral task: behavioral1
Sample: Order30092020.jar
Resource: win7v200722
Behavioral task: behavioral2
Sample: Order30092020.jar
Resource: win10v200722
Malware Config
Targets
Target: Order30092020.jar
Score: 10/10
Executes dropped EXE
Adds Run key to start application
JavaScript code in executable
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.