qnodeservice | a1ef033975e130591e2621fb7e7b2c1d8ddb2472220892017247ef541da8de77 | Triage

Submit
Reports

Overview

overview

Static

static

c7094e20cc...db.jar

windows7_x64

1

c7094e20cc...db.jar

windows10_x64

Sharing

General

Target

c7094e20cc91b7c901d6eb5e31960adb.jar
Size

166KB
Sample

201005-yp3ys13gp6
MD5

c7094e20cc91b7c901d6eb5e31960adb
SHA1

90c51c785f4ce1e8c512a138f0f6ae0f91ea06e5
SHA256

a1ef033975e130591e2621fb7e7b2c1d8ddb2472220892017247ef541da8de77
SHA512

afbd1b6c0cc7d7ef062581a4390aac08b1b3612ba91a7dc0e46acc021ab1c8d8066e3e0fc1bec6932e5ed5a56ea0df2256999d88bd386a3519a157574e64c683

Score

10^/10

qnodeservice persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

c7094e20cc91b7c901d6eb5e31960adb.jar

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c7094e20cc91b7c901d6eb5e31960adb.jar

Resource

win10

persistence trojan qnodeservice

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c7094e20cc91b7c901d6eb5e31960adb.jar
- Size
  
  166KB
- MD5
  
  c7094e20cc91b7c901d6eb5e31960adb
- SHA1
  
  90c51c785f4ce1e8c512a138f0f6ae0f91ea06e5
- SHA256
  
  a1ef033975e130591e2621fb7e7b2c1d8ddb2472220892017247ef541da8de77
- SHA512
  
  afbd1b6c0cc7d7ef062581a4390aac08b1b3612ba91a7dc0e46acc021ab1c8d8066e3e0fc1bec6932e5ed5a56ea0df2256999d88bd386a3519a157574e64c683
Score

10^/10

persistence trojan qnodeservice
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencetrojanqnodeservice

© 2018-2024

Terms | Privacy