General

  • Target

    SHPVE00475.jar

  • Size

    289KB

  • Sample

    201015-mcr5f8wlxx

  • MD5

    42f3ebb894eac0d038013669e46738e6

  • SHA1

    0de3d8cf20e002a5437d7548cf8da88a6f870e45

  • SHA256

    3f604dbfd849aef188625d235597897b71e51ec1e7dbda3db3f3fe5204b04cae

  • SHA512

    3fd28e3c317221de3ad5d0b83f21da1821ad5d1fbee512c3f466eed817d68cda31bb200b54d60b52db305ecb36bbf72335ce6be846239aba607fb083cc500f34

Malware Config

Targets

    • Target

      SHPVE00475.jar

    • QNodeService

      Trojan/stealer written in NodeJS and spread via a Java downloader.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks