General

  • Target

    invoices.jar

  • Size

    328KB

  • Sample

    201013-b9v1f8fl4x

  • MD5

    f8831577be00b54d782b5745000c2ba6

  • SHA1

    fc2818ce3f3e726453d8be3f84fdfd0ce53c771a

  • SHA256

    cb7a320970092e3ab4fef6740f59658fb12353d5526c4ed6bdf9cbd6f3a37e23

  • SHA512

    444415613ba9952859e17a119533f5f6a2e3a420caaa350ebb444154ac2d25b64496fc8ee93e6f180708b543c1edae36a1d846bc30f8c1114c0cb167bb83f695

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks