PROPERTY DESIGNS.jar

General
Target

PROPERTY DESIGNS.jar

Size

463KB

Sample

201013-mrff78lts6

Score

10/10

MD5

40e02d493aca746150f7c1b93b6d3ec7

SHA1

59c16f093953ec650f8d40abddf42fa1a8c5576e

SHA256

e2af2abfd29faf04991e4106528a65260c8173c06b756c124399ee955bec08c1

SHA512

f7be6768ae7f772f4455e423f766fdbd80ed9a628be15dfae05e78a5d91790a2922838c15f9cf185bb58d3bf29e8e248c5fb0e8c909e9cd311b1c690908494db

Signatures

  • QNodeService

    Description

    Trojan/stealer written in NodeJS and spread via Java downloader.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System
    Credentials in Files

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • JavaScript code in executable

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation

Tasks

static1

behavioral1

1/10