General

  • Target

    PO#361609.jar

  • Size

    405KB

  • Sample

    201015-f6g1kc8v9s

  • MD5

    4488c5c2c35855192183e56d4330fc47

  • SHA1

    abc5695603e4db7faf44044b082e93cf80cc44fc

  • SHA256

    c8bbca65949b22c27927e6e300071fe1b1a995c5b2adbc207359404b4bbf7803

  • SHA512

    7eae0510e232f4fafe1ef064f7a6767865ff3ebbbb986c129dc3df236b46d5207f66b248578b640ef12bd2567841f7f95754f7b58f93d41b35b8a80a30022c52

Malware Config

Targets

    • Target

      PO#361609.jar

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks