Resubmissions

05-06-2022 12:13

220605-pd9a4seeak 1

17-10-2020 12:07

201017-dbljcedc5s 10

General

  • Target

    Notification.jar

  • Size

    157KB

  • Sample

    201017-dbljcedc5s

  • MD5

    8035ca2a6a358805d67efd00e2738626

  • SHA1

    233d40497d566d0480aadea37a6e3062234a17fc

  • SHA256

    51fb9721d665f58eb5c41cc4a2a75b112f505b18321e532dac33a3139770c207

  • SHA512

    a31fc4df88a9511d1c558877fbb2aa31e15ab1566a5f031f737ea0a49a917721d8e86f213290230eefa058ade3ad2f88491c3bfb306a2e0a4221a6f91ede26e6

Targets

    • Target

      Notification.jar

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
