General

  • Target: ITIBTR1830000.jar
  • Size: 111KB
  • Sample: 201016-xpg84tt5qa
  • MD5: e48e2c6f55565a57d236430c7c93a007
  • SHA1: 45b6fa5196fe2c60904523760f8baf810c735c64
  • SHA256: 9d92ec1d3fa69dae5545a49b3071afaf12cb1bfed0970f3bdf70dd96179eebb7
  • SHA512: 7ab8a7f0993d0f374c70773a30e40949ee9410e8948f3704c23da044238e0a2ca9b4edfc5db3f382a38ae5f03a943929047fe483d2ff8c939147086d88e82b27
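Before trusting any copy of the sample, confirm it is the file the report describes: recompute all four digests and compare them with the published values, then look at what the JAR actually carries (its Main-Class entry point and any embedded non-class payloads, which is where a Java downloader keeps a second stage). The script below is an added example, not part of the sandbox report and not the sample itself; the JAR it builds in memory is a constructed stand-in (the names loader.Main and res/stage2.js are invented), so every digest comparison against the report's values is expected to fail.

```python
"""Added example: verify a sample against the report's published digests and
inspect a JAR downloader's manifest and entries. The JAR built below is a
constructed stand-in so the script runs offline; ITIBTR1830000.jar itself is
not included and the stand-in is not expected to match its hashes."""
import hashlib
import io
import zipfile

# Digests exactly as published in the report's General section.
REPORT_HASHES = {
    "md5": "e48e2c6f55565a57d236430c7c93a007",
    "sha1": "45b6fa5196fe2c60904523760f8baf810c735c64",
    "sha256": "9d92ec1d3fa69dae5545a49b3071afaf12cb1bfed0970f3bdf70dd96179eebb7",
    "sha512": "7ab8a7f0993d0f374c70773a30e40949ee9410e8948f3704c23da044238e0a2c"
              "a9b4edfc5db3f382a38ae5f03a943929047fe483d2ff8c939147086d88e82b27",
}


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, expected: dict) -> dict:
    """Compare each published digest with the computed one (case-insensitive).
    Returns {algo: bool}; a single False means this is not the reported file."""
    actual = digests(data)
    return {algo: actual[algo] == value.lower() for algo, value in expected.items()}


def parse_manifest(text: str) -> dict:
    """Parse META-INF/MANIFEST.MF 'Key: value' lines. Per the JAR spec a line
    starting with a single space continues the previous value."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:
            attrs[last] += line[1:]
        elif ":" in line:
            key, _, value = line.partition(":")
            last = key.strip()
            attrs[last] = value.strip()
    return attrs


def inspect_jar(data: bytes) -> dict:
    """Return the declared entry point and any non-class entries with payload-like
    extensions (.exe/.js/.dll/.bin), the places a downloader hides its stage 2."""
    z = zipfile.ZipFile(io.BytesIO(data))
    names = z.namelist()
    attrs = {}
    if "META-INF/MANIFEST.MF" in names:
        attrs = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8", "replace"))
    payloads = [n for n in names if n.lower().endswith((".exe", ".js", ".dll", ".bin"))]
    return {"main_class": attrs.get("Main-Class"), "entries": names, "payloads": payloads}


def build_constructed_jar() -> bytes:
    """Constructed stand-in JAR (NOT the real sample): a manifest, one class stub
    and an embedded .js blob, so the checks above have something to work on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF",
                   "Manifest-Version: 1.0\r\nMain-Class: loader.Main\r\n\r\n")
        z.writestr("loader/Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
        z.writestr("res/stage2.js", b"// constructed placeholder, not malware\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_jar()
    print(verify_sample(sample, REPORT_HASHES))   # every algorithm False: not the reported file
    print(inspect_jar(sample))
```

Replace `build_constructed_jar()` with `open(path, "rb").read()` on a quarantined copy to use it for real; a mismatch on any one algorithm is enough to reject the file, and a JAR whose manifest names a Main-Class next to an .exe or .js resource is worth pulling apart before it is ever run.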

Targets

    • Target: ITIBTR1830000.jar

    • QNodeService: trojan/stealer written in Node.js and spread via a Java downloader.
    • Executes dropped EXE
    • Adds Run key to start application
    • JavaScript code in executable
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
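The behaviours listed above form a chain on the host: Java spawns an executable it dropped under a user-writable path, that executable is registered under a Run key, and the implant then asks a public service for the machine's external IP. The script below is an added example, not part of the sandbox report, that walks endpoint telemetry once and flags hosts showing at least two of those three behaviours. The event lines are constructed stand-ins in a simplified JSON shape (host, type, and a few fields), the hostnames, paths and SID-free key paths are invented, and the IP-lookup domain watchlist is an assumption; the report does not name the service the sample used.

```python
"""Added example (not from the report): triage host telemetry for the chain the
sandbox flagged: Java launching a dropped EXE, a Run-key autorun, and an
external-IP lookup. Events below are constructed; the watchlist is assumed."""
import json
import re

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.I)
JS_FILE = re.compile(r"\.js\b", re.I)
# Assumed watchlist of public "what is my IP" services; extend for your estate.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ifconfig.me", "icanhazip.com"}
JAVA_IMAGES = {"java.exe", "javaw.exe"}

# Constructed stand-in telemetry, one JSON object per line (not from the sandbox run).
CONSTRUCTED_EVENTS = "\n".join([
    r'{"host":"WS01","type":"process_create","image":"C:\\Program Files\\Java\\bin\\javaw.exe","parent":"C:\\Windows\\explorer.exe"}',
    r'{"host":"WS01","type":"process_create","image":"C:\\Users\\bob\\AppData\\Roaming\\stage\\node.exe","parent":"C:\\Program Files\\Java\\bin\\javaw.exe"}',
    r'{"host":"WS01","type":"registry_set","key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","data":"C:\\Users\\bob\\AppData\\Roaming\\stage\\node.exe C:\\Users\\bob\\AppData\\Roaming\\stage\\boot.js"}',
    r'{"host":"WS01","type":"dns_query","query":"api.ipify.org"}',
    r'{"host":"WS02","type":"registry_set","key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive","data":"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background"}',
    r'{"host":"WS02","type":"dns_query","query":"www.example.com"}',
])


def triage(lines: str) -> dict:
    """Single pass over JSON-lines telemetry; returns {host: [(tag, detail), ...]}."""
    findings = {}

    def add(host, tag, detail):
        findings.setdefault(host, []).append((tag, detail))

    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        host, kind = ev["host"], ev["type"]
        if kind == "registry_set" and RUN_KEY.search(ev["key"]):
            data = ev["data"]
            # An autorun that launches from a user-writable path, or hands a .js
            # file to node.exe, matches "Adds Run key" for a Node.js stealer.
            if USER_WRITABLE.search(data) or "node.exe" in data.lower() or JS_FILE.search(data):
                add(host, "run_key_persistence", data)
        elif kind == "process_create":
            parent = ev["parent"].rsplit("\\", 1)[-1].lower()
            # Java is a launcher, not an installer: a child it starts from AppData
            # or Temp is a dropped EXE ("Executes dropped EXE").
            if parent in JAVA_IMAGES and USER_WRITABLE.search(ev["image"]):
                add(host, "java_spawned_dropped_exe", ev["image"])
        elif kind == "dns_query" and ev["query"].lower() in IP_LOOKUP_HOSTS:
            add(host, "external_ip_lookup", ev["query"])
    return findings


def suspicious_hosts(findings: dict, threshold: int = 2) -> list:
    """Any one behaviour is noisy on its own (plenty of legitimate software adds
    Run keys or checks its public IP); require `threshold` distinct behaviours."""
    return sorted(h for h, f in findings.items()
                  if len({tag for tag, _ in f}) >= threshold)


if __name__ == "__main__":
    found = triage(CONSTRUCTED_EVENTS)
    for host, items in found.items():
        for tag, detail in items:
            print(f"{host}: {tag}: {detail}")
    print("escalate:", suspicious_hosts(found))
```

In the constructed data WS01 trips all three checks and WS02 trips none, because its Run key points at a program under Program Files and its DNS query is not on the watchlist; raising `threshold` to 3 trades a little coverage for far fewer false positives when the watchlist is broad.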
