General

  • Target

    DHL ARRIVAL.jar

  • Size

    285KB

  • Sample

    201014-m8mmbg6gyx

  • MD5

    75f5ce2ae0099fc1afb790db6e1db016

  • SHA1

    f4f3d192a30507f90bc2d4091f6a1f260752175a

  • SHA256

    7fe0e93c12ac33399712246614159aec3f10e132dd54dff5a8185cb91089c428

  • SHA512

    d8fe87b03cc5bfbd688f7b06b5405c04f42f86ff3940aa954bd957018909d21fd40f3003c8d5f7c0899fea88e03acebfca6cb991b240d2b829f021cafea01678

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks