General

  • Target

    RFQ.jar

  • Size

    360KB

  • Sample

    201013-sf88drmpde

  • MD5

    54a4d1c8b02bceb2c48d49f43db3a510

  • SHA1

    d0cf537542156ab8b6c1c5f6522ccc91e2421766

  • SHA256

    9c7fc51d9b11381d7cbdef16dea123d384455f9d8828340337a420dc21b8a0d7

  • SHA512

    88ae24ac1a64291a5431a171969a7a2a34b4f2bd4db31ee8b67a4818fe1f31406d1373b9360a5d4f457ecfb83dd22aa5f478ec019ba8ca18a8cc12616ecc847e

Malware Config

Targets

    • Target

      RFQ.jar

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks