General

  • Target

    Payoff Statement.jar

  • Size

    107KB

  • Sample

    201016-lq45l714nn

  • MD5

    71747772db1e1a0d72cc715270b1d81f

  • SHA1

    10e88b56fd0c2b37ff3c570bd15e5b1f4ca35546

  • SHA256

    ca387dd7da00ab25ce6ba103baca69def6babbc0dc8ccfa2fbc901a37a7de364

  • SHA512

    10b37a12cbd0a0efa370cdb9b051b68a042471bde62b2af1221ef759249c352ed6afee522a24ead2b1cfcb48f74bb36a43c4ac0a2022da27214577ac1e9b7e01

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks