General

  • Target: Trans-Advice15-10-2020.jar
  • Size: 353KB
  • Sample: 201015-w1qythc51a
  • MD5: ea87033374ee2fec133aa74327e30a1b
  • SHA1: c888a95a60ff2747c1338360e8afc81d8c78a8fb
  • SHA256: b2c354aae67e95b12966f36229ad10d871c27fa4f733f9cedc35effc65e32e7b
  • SHA512: 284753ce2430fbe3cfd625dd3674f9b2a076baf7b2652c008e66534730eed127ff2eb5365290008c8d617eff1b0d713953432951662ea22ef7a64bbea8a51c6f

Malware Config

Targets

    • Target: Trans-Advice15-10-2020.jar
    • Size: 353KB
    • MD5: ea87033374ee2fec133aa74327e30a1b
    • SHA1: c888a95a60ff2747c1338360e8afc81d8c78a8fb
    • SHA256: b2c354aae67e95b12966f36229ad10d871c27fa4f733f9cedc35effc65e32e7b
    • SHA512: 284753ce2430fbe3cfd625dd3674f9b2a076baf7b2652c008e66534730eed127ff2eb5365290008c8d617eff1b0d713953432951662ea22ef7a64bbea8a51c6f

    Signatures

    • QNodeService: trojan/stealer written in NodeJS and spread via a Java downloader.
    • Executes dropped EXE
    • Adds Run key to start application
    • JavaScript code in executable
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks