General
Target: DHL.jar
Size: 103KB
Sample: 201014-hdy7l58pm2
MD5: 681bbe7088c5ab72967e9d1b3a45de83
SHA1: ac74a19ce1612952dae1bc40a5e726f4671d550a
SHA256: d858a274f48d62d710ec65a7022a5adc6461b09dd42d5c075b3525cce845036c
SHA512: 96b5e6b28bd94c2c4ab8efde121e45336faf5cf6d3d6772d354c75b1dddf24426f36a0d73de388184e71190d331acb20d9684d9f03b14ec7ebf42755413bbe5a
Static task: static1
Behavioral task: behavioral1
Sample: DHL.jar
Resource: win7
Behavioral task: behavioral2
Sample: DHL.jar
Resource: win10
Malware Config
Targets
Target: DHL.jar
Score: 10/10
Executes dropped EXE
Adds Run key to start application
JavaScript code in executable
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.