General

  • Target

    NewOrder101420202.jar

  • Size

    119KB

  • Sample

    201016-kars9gb6wa

  • MD5

    d2b95d1ab25302ab15dddc817f1ede12

  • SHA1

    c7d520278ac9e409d1890f98e91b28f7bfdd7481

  • SHA256

    c7f25013b32d98d6b2dff1cb775c175956509171d9ae579cc81147da2a6e3d20

  • SHA512

    4a3452beb8255644715d8ce3d6f0fbfd9dcbc113562b7a7c51c888d27b402bd88596dc7d9d31a26c3dd6ac940f7d662d6ba88aaca2693679f5e7b52ef591efbc

Malware Config

Targets

    • Target

      NewOrder101420202.jar

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks