General

  • Target

    img-602501554-0001.jar

  • Size

    209KB

  • Sample

    201017-lwtwsmmlx6

  • MD5

    369eb059f2b5b98c7b42e14fad64c2a7

  • SHA1

    84c74b6512664d339f7f49a5368f9a6fdf6025e4

  • SHA256

    f80a0b2708893179f10771d1656875f67d6a9fba78ffcfe14485aae21b31dc55

  • SHA512

    8cccf82be1dd1fc9b4375c1c066f077b5433fa82d03bc46c90a5ae1b348b1c5deab9ea45313720f222a45316751189ea887c526d30cf80188f74db76771093bb

Malware Config

Targets

    • Target

      img-602501554-0001.jar

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks