qnodeservice | f14e10f6af2f090a7228e52439fd49e91b5bfef954f9c8634bdd6c466a774739 | Triage

Submit
Reports

Overview

overview

Static

static

Order01102020.jar

windows7_x64

1

Order01102020.jar

windows10_x64

Sharing

General

Target

Order01102020.jar
Size

220KB
Sample

201005-ws4q3seylj
MD5

b4c3a4f0d94f0d3232bdf5f8932a3f79
SHA1

86585ca9dd7c692a25a1ec599c61e5a99109f869
SHA256

f14e10f6af2f090a7228e52439fd49e91b5bfef954f9c8634bdd6c466a774739
SHA512

3614df27639770e9edf097cd6a930e62d003d5e195cd122596c711c369e0aa15e1a48911b3642b10a5708d74b946f11a2e1db8734d81da598d966f7b63c6df2d

Score

10^/10

qnodeservice persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Order01102020.jar

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Order01102020.jar

Resource

win10v200722

persistence trojan qnodeservice

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Order01102020.jar
- Size
  
  220KB
- MD5
  
  b4c3a4f0d94f0d3232bdf5f8932a3f79
- SHA1
  
  86585ca9dd7c692a25a1ec599c61e5a99109f869
- SHA256
  
  f14e10f6af2f090a7228e52439fd49e91b5bfef954f9c8634bdd6c466a774739
- SHA512
  
  3614df27639770e9edf097cd6a930e62d003d5e195cd122596c711c369e0aa15e1a48911b3642b10a5708d74b946f11a2e1db8734d81da598d966f7b63c6df2d
Score

10^/10

persistence trojan qnodeservice
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencetrojanqnodeservice

© 2018-2024

Terms | Privacy