General

  • Target

    Remittance.jar

  • Size

    427KB

  • Sample

    201014-37gqkw3az6

  • MD5

    d126c329d2e5ae68df5ccad66b9c40ea

  • SHA1

    39d51f17d71aec853c4c04d5b9d2ea72343b680e

  • SHA256

    8329d6556a50b7aa985b38388579eea3cee777d3046ffc94721866d5ee02f948

  • SHA512

    5f1023a28c57b48a7a67f6c3d985ca18c96034ba8de71031ea956573e3f95a5f9af5d3654bdb0b3884fc4e971c2e7af31681ec17047e6cabb44de6c5385e62c6

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via a Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks