General

  • Target

    DHL.jar

  • Size

    318KB

  • Sample

    201012-sl1v7k6nza

  • MD5

    ba3c3a491c1f542ba70b5cba78664c27

  • SHA1

    e3f3836cbd6c20799d5fd847852732ec6bbb64a6

  • SHA256

    f104ffa104dc5c0739ed98c605c0cc32fc148aa40dab5de2916d9b1f864a4654

  • SHA512

    7d0201320644db94497f6e1d0584a2be985210c205ae63a3ba4aaa7831d778aa5893e608ed96c082e31f4e63173ff626043cf90af93a2a747710366fa6745b50

Malware Config

Targets

    • Target

      DHL.jar

    • QNodeService

      Trojan/stealer written in Node.js and spread via a Java downloader (here the DHL.jar lure).

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
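An added example, not part of the sandbox report or of any tool the page describes: a small Python triage script that turns the behaviours listed above (Run-key persistence, external IP lookup, execution of a dropped executable, the file hashes) into detection logic over Sysmon-style JSON events. The event lines, process names, paths and the list of IP-lookup hostnames are constructed assumptions for illustration; only the MD5 and SHA256 values come from the report.

```python
"""Triage of this report's indicators over constructed Sysmon-style events.
Added example; the event lines and hostnames are assumptions, not report data."""
import json
import re

# Hashes from the report's General section.
IOC_HASHES = {
    "md5": "ba3c3a491c1f542ba70b5cba78664c27",
    "sha256": "f104ffa104dc5c0739ed98c605c0cc32fc148aa40dab5de2916d9b1f864a4654",
}

# Assumption: the report does not name the lookup service, so this list is
# illustrative of commonly seen "what is my IP" services, not what this sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.amazonaws.com",
                   "ifconfig.me", "icanhazip.com", "ip-api.com"}

# HKLM/HKCU ...\CurrentVersion\Run and RunOnce autostart keys.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Locations a standard user can write to; a Run entry pointing there is more suspicious.
USER_WRITABLE_RE = re.compile(r"\\(Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.I)

# Constructed events, one JSON object per line (Sysmon IDs 1 = process create,
# 13 = registry value set, 15 = file stream hash, 22 = DNS query). Paths and the
# node.exe process are made up; only the hashes in the ID 15 line are the report's.
SAMPLE_EVENTS = r'''
{"EventID":1,"ProcessId":4120,"Image":"C:\\Program Files\\Java\\jre\\bin\\javaw.exe","CommandLine":"javaw.exe -jar C:\\Users\\victim\\Downloads\\DHL.jar","Hashes":"MD5=00000000000000000000000000000000"}
{"EventID":1,"ProcessId":4400,"ParentProcessId":4120,"Image":"C:\\Users\\victim\\AppData\\Roaming\\nodejs\\node.exe","CommandLine":"node.exe C:\\Users\\victim\\AppData\\Roaming\\nodejs\\app.js","Hashes":"MD5=11111111111111111111111111111111"}
{"EventID":13,"ProcessId":4400,"Image":"C:\\Users\\victim\\AppData\\Roaming\\nodejs\\node.exe","TargetObject":"HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\nodejs","Details":"C:\\Users\\victim\\AppData\\Roaming\\nodejs\\node.exe C:\\Users\\victim\\AppData\\Roaming\\nodejs\\app.js"}
{"EventID":22,"ProcessId":4400,"Image":"C:\\Users\\victim\\AppData\\Roaming\\nodejs\\node.exe","QueryName":"api.ipify.org"}
{"EventID":15,"ProcessId":900,"Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","TargetFilename":"C:\\Users\\victim\\Downloads\\DHL.jar","Hash":"MD5=ba3c3a491c1f542ba70b5cba78664c27,SHA256=f104ffa104dc5c0739ed98c605c0cc32fc148aa40dab5de2916d9b1f864a4654"}
{"EventID":22,"ProcessId":900,"Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","QueryName":"www.example.com"}
'''


def parse_events(text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _hashes(event):
    """Split a Sysmon 'MD5=..,SHA256=..' field into {algorithm: lowercase hex}."""
    raw = event.get("Hashes") or event.get("Hash") or ""
    out = {}
    for part in raw.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def detect(events):
    """Return findings for IOC hashes, Run-key persistence, IP-lookup DNS queries,
    and the correlation of the last two on the same process."""
    findings = []
    persisted, looked_up = {}, {}
    for ev in events:
        pid, eid = ev.get("ProcessId"), ev.get("EventID")
        h = _hashes(ev)
        if any(h.get(algo) == value for algo, value in IOC_HASHES.items()):
            findings.append({"rule": "ioc_hash_match", "pid": pid,
                             "evidence": ev.get("TargetFilename") or ev.get("Image")})
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            details = ev.get("Details", "")
            severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
            findings.append({"rule": "run_key_persistence", "pid": pid,
                             "severity": severity, "evidence": details})
            persisted[pid] = details
        if eid == 22 and ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
            findings.append({"rule": "external_ip_lookup", "pid": pid,
                             "evidence": ev["QueryName"]})
            looked_up[pid] = ev["QueryName"]
    # A process that both installs an autostart entry and asks for its public IP
    # fits the stealer profile described in the report better than either alone.
    for pid in persisted.keys() & looked_up.keys():
        findings.append({"rule": "persistence_plus_ip_lookup", "pid": pid, "severity": "high",
                         "evidence": f"{persisted[pid]} ; {looked_up[pid]}"})
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_EVENTS)):
        print(json.dumps(finding))
```

On a real host the same logic runs over Sysmon events exported from the Windows event log (for example via `wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml` converted to JSON); the Run-key rule alone produces noise from legitimate installers, which is why the correlation with the IP-lookup query, and the user-writable path check, carry the higher severity here.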

MITRE ATT&CK Enterprise v6

Tasks