General

  • Target

    PO#361609.jar

  • Size

    137KB

  • Sample

    201015-4l6hj4w4ya

  • MD5

    e527e094c523bae39ead12ea9a341a87

  • SHA1

    bd040811292b98a266a794fa1db728c4852ef8ae

  • SHA256

    1818155d1ed800bb6070132cae82038553cfa16f12a1ee12a0395305241f44c5

  • SHA512

    b71864da5f9fed6d7c18fefdd748f3047d8895dd4d41febc873be06a4e1a4b112a1db7f9aaed9827c779f0cd4bc3da4efb86d235d99f84ed93a52334a7bb317f

Malware Config

Targets

    • Target

      PO#361609.jar

    • QNodeService

      Trojan/stealer written in Node.js and spread via a Java downloader (here the PO#361609.jar attachment).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup service to learn the infected system's external IP address; the report does not name the service used.
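The report gives four hashes for the sample and two behaviours (Run-key persistence and an external-IP lookup) that are easy to hunt for in endpoint telemetry. The script below is an added example, not part of the report or of Triage's tooling: it checks a file against the published hashes (flagging the case where only some algorithms match, which means a corrupted or mislabeled IOC set rather than a genuine match) and runs a small matcher for the two behaviours over Sysmon-style events. The events, the process names and the IP-lookup host list are constructed for the example; the report does not say which lookup service or which registry value the sample used.

```python
import hashlib
from typing import Dict, Iterable, List

# Hashes published in the report above for PO#361609.jar.
REPORT_IOCS: Dict[str, str] = {
    "md5": "e527e094c523bae39ead12ea9a341a87",
    "sha1": "bd040811292b98a266a794fa1db728c4852ef8ae",
    "sha256": "1818155d1ed800bb6070132cae82038553cfa16f12a1ee12a0395305241f44c5",
    "sha512": (
        "b71864da5f9fed6d7c18fefdd748f3047d8895dd4d41febc873be06a4e1a4b11"
        "2a1db7f9aaed9827c779f0cd4bc3da4efb86d235d99f84ed93a52334a7bb317f"
    ),
}


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Digest one in-memory blob with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_IOCS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as compute_hashes but streams the file, so large samples are not read whole."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(hashes: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> Dict[str, bool]:
    """Per-algorithm comparison, case-insensitive on the hex digest."""
    return {alg: hashes.get(alg, "").lower() == value.lower() for alg, value in iocs.items()}


def verdict(hashes: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> str:
    """'match' if all digests agree, 'inconsistent' if only some do (bad IOC set or
    a hash collision claim worth investigating), 'no-match' otherwise."""
    matches = match_iocs(hashes, iocs)
    if all(matches.values()):
        return "match"
    if any(matches.values()):
        return "inconsistent"
    return "no-match"


# Hypothetical list of public IP-lookup services to alert on; extend for your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ipinfo.io"}
RUN_KEY_MARKER = "\\Microsoft\\Windows\\CurrentVersion\\Run\\"

# Constructed Sysmon-style events (EventID 1 = process create, 13 = registry value set,
# 22 = DNS query). Paths, PIDs and the SID are made up for the example.
SAMPLE_EVENTS: List[dict] = [
    {"EventID": 1, "ProcessId": 4012, "Image": "C:\\Program Files\\Java\\jre\\bin\\javaw.exe",
     "CommandLine": "javaw.exe -jar PO#361609.jar"},
    {"EventID": 13, "ProcessId": 5120, "Image": "C:\\Users\\victim\\AppData\\Roaming\\node.exe",
     "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\nodeupdate"},
    {"EventID": 22, "ProcessId": 5120, "Image": "C:\\Users\\victim\\AppData\\Roaming\\node.exe",
     "QueryName": "api.ipify.org"},
    {"EventID": 22, "ProcessId": 1200, "Image": "C:\\Windows\\System32\\svchost.exe",
     "QueryName": "update.microsoft.com"},
]

RUN_KEY_BEHAVIOUR = "Adds Run key to start application"
IP_LOOKUP_BEHAVIOUR = "Looks up external IP address via web service"


def triage_events(events: Iterable[dict]) -> Dict[str, List[int]]:
    """Map each report behaviour to the PIDs that exhibited it in the event stream."""
    hits: Dict[str, List[int]] = {RUN_KEY_BEHAVIOUR: [], IP_LOOKUP_BEHAVIOUR: []}
    for ev in events:
        pid = ev.get("ProcessId")
        if ev.get("EventID") == 13 and RUN_KEY_MARKER.lower() in ev.get("TargetObject", "").lower():
            hits[RUN_KEY_BEHAVIOUR].append(pid)
        if ev.get("EventID") == 22 and ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
            hits[IP_LOOKUP_BEHAVIOUR].append(pid)
    return hits


if __name__ == "__main__":
    print(verdict(REPORT_IOCS))                      # the report's own hash set matches itself
    print(verdict(compute_hashes(b"not the sample")))
    print(triage_events(SAMPLE_EVENTS))
```

Both behaviours coming from the same PID (5120 in the constructed events) is the signal worth escalating: a Run-key write alone is noisy, but a process that persists itself and then asks a public service for the host's external address matches the profile in the report.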

MITRE ATT&CK Enterprise v6

Tasks