General

  • Target

    Rechnung 20118.jar

  • Size

    426KB

  • Sample

    201013-hzz3m19fka

  • MD5

    6bc043f799a1abdcb9d7a82392f9a9eb

  • SHA1

    2c3507dbb7095381ec36835e42d95dc776af6e84

  • SHA256

    c82d09dc7e88fbaa8585728234aba3f72af8f3a1d588bbadab722b622f3e2aa4

  • SHA512

    3238e51d3aeb425577b8706221d118f30f1d22c3f0a634ff7f2f214f79a17b3d0e15070719e13dd63a2ad706e89c3127db37b91963888d90f6b05817bf8a5e2c

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks