qnodeservice | eec063e54c4eb818e568bde4f742efb075c691a9201d974291c6767bac7c20a1 | Triage

Submit
Reports

Overview

overview

Static

static

2b5e8601eb...60.jar

windows7_x64

1

2b5e8601eb...60.jar

windows10_x64

Sharing

General

Target

2b5e8601ebef2e9c3b82bfc71f4d9c60.jar
Size

200KB
Sample

201005-v3f4zxbrka
MD5

2b5e8601ebef2e9c3b82bfc71f4d9c60
SHA1

678237fe0071f9ee54c756d71f2e2fc655a27c60
SHA256

eec063e54c4eb818e568bde4f742efb075c691a9201d974291c6767bac7c20a1
SHA512

2db0e8586843c48a4cabfbac44d522f9ad94ec55c0d721b3faa5856a4d68e118105d5a3b3800ebe55b1b61913a24601595aa05de266099d19e3ee0656cc45a10

Score

10^/10

qnodeservice persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

2b5e8601ebef2e9c3b82bfc71f4d9c60.jar

Resource

win7v200722

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2b5e8601ebef2e9c3b82bfc71f4d9c60.jar

Resource

win10v200722

persistence trojan qnodeservice spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2b5e8601ebef2e9c3b82bfc71f4d9c60.jar
- Size
  
  200KB
- MD5
  
  2b5e8601ebef2e9c3b82bfc71f4d9c60
- SHA1
  
  678237fe0071f9ee54c756d71f2e2fc655a27c60
- SHA256
  
  eec063e54c4eb818e568bde4f742efb075c691a9201d974291c6767bac7c20a1
- SHA512
  
  2db0e8586843c48a4cabfbac44d522f9ad94ec55c0d721b3faa5856a4d68e118105d5a3b3800ebe55b1b61913a24601595aa05de266099d19e3ee0656cc45a10
Score

10^/10

persistence trojan qnodeservice spyware
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencetrojanqnodeservicespyware

© 2018-2024

Terms | Privacy