qnodeservice | e2af2abfd29faf04991e4106528a65260c8173c06b756c124399ee955bec08c1 | Triage

Submit
Reports

Overview

overview

Static

static

PROPERTY DESIGNS.jar

windows7_x64

1

PROPERTY DESIGNS.jar

windows10_x64

Sharing

General

Target

PROPERTY DESIGNS.jar
Size

463KB
Sample

201013-mrff78lts6
MD5

40e02d493aca746150f7c1b93b6d3ec7
SHA1

59c16f093953ec650f8d40abddf42fa1a8c5576e
SHA256

e2af2abfd29faf04991e4106528a65260c8173c06b756c124399ee955bec08c1
SHA512

f7be6768ae7f772f4455e423f766fdbd80ed9a628be15dfae05e78a5d91790a2922838c15f9cf185bb58d3bf29e8e248c5fb0e8c909e9cd311b1c690908494db

Score

10^/10

qnodeservice persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

PROPERTY DESIGNS.jar

Resource

win7v200722

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PROPERTY DESIGNS.jar

Resource

win10

trojan qnodeservice persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  PROPERTY DESIGNS.jar
- Size
  
  463KB
- MD5
  
  40e02d493aca746150f7c1b93b6d3ec7
- SHA1
  
  59c16f093953ec650f8d40abddf42fa1a8c5576e
- SHA256
  
  e2af2abfd29faf04991e4106528a65260c8173c06b756c124399ee955bec08c1
- SHA512
  
  f7be6768ae7f772f4455e423f766fdbd80ed9a628be15dfae05e78a5d91790a2922838c15f9cf185bb58d3bf29e8e248c5fb0e8c909e9cd311b1c690908494db
Score

10^/10

trojan qnodeservice persistence spyware
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

trojanqnodeservicepersistencespyware

© 2018-2024

Terms | Privacy