General

  • Target

    KR-US FTA CO.jar

  • Size

    378KB

  • Sample

    201016-6j4q7g8wln

  • MD5

    ca07db8fd81eec3d8d99f94e2382ebc7

  • SHA1

    396070d12ecae5027ea9e815426dae7236bd3bc5

  • SHA256

    ccb2826c926e4465ea8ea53563d9308c9847d2ce84b8c82d4d03955a9d25fc51

  • SHA512

    236b5ce706db88ff2910d45cf55050bee569f07a53841225ab84d2130996c78f39fbfa250a3b48ea17bb2d85d4061f1f2456a902ce1325c9477990d8885a0294

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks