General

  • Target

    FedEx 7774994746621.jar

  • Size

    259KB

  • Sample

    201009-lch2lhac6n

  • MD5

    9e0fbaf1d32caa25c6af355e4fa9c0f3

  • SHA1

    8bfa7cf9198a18ab158116707c7a621d8888975a

  • SHA256

    ec1e98e8f34938829b5de6f7488a6e3874743424755edb6638a5f07aed462da7

  • SHA512

    5a78b667abca2838e78c4d52b144563afa20ce6e4ab1bd3e603b0392636c9013308dd6653486bdbf420e580d3de55e34fcfa03dd39b8aee4d3b4da0e5a00485e

Malware Config

Targets

    • Target

      FedEx 7774994746621.jar

    • QNodeService

      Trojan/stealer written in Node.js and spread via a Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks