General

  • Target

    dhlpaket.jar

  • Size

    289KB

  • Sample

    201015-6856ah4zre

  • MD5

    b15cdc291a5e4a8535c3eb7c14eae8dc

  • SHA1

    1a4070204cabeb1fe552ce0d83017dd416fc1ef5

  • SHA256

    fc893170ac17a117486c0cb8e3f0733840f5e964d4134abf74c3d801df40f75a

  • SHA512

    274429ccfc2d977a9d013ac788880bdb80fd3320f623042a671a2186ecc62ffb19ddcb8e452d7f1dff5a1bc66ffc4111129869ec01783bf4701a3bc5dbee000b

Malware Config

Targets

    • Target

      dhlpaket.jar

    • Size

      289KB

    • MD5

      b15cdc291a5e4a8535c3eb7c14eae8dc

    • SHA1

      1a4070204cabeb1fe552ce0d83017dd416fc1ef5

    • SHA256

      fc893170ac17a117486c0cb8e3f0733840f5e964d4134abf74c3d801df40f75a

    • SHA512

      274429ccfc2d977a9d013ac788880bdb80fd3320f623042a671a2186ecc62ffb19ddcb8e452d7f1dff5a1bc66ffc4111129869ec01783bf4701a3bc5dbee000b

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks