General

  • Target

    Our New Order Oct 19 2020 at 2.80_PVV440_PDF.jar

  • Size

    81KB

  • Sample

    201019-7t9ecwsgy6

  • MD5

    7246a4e4864624b0cd3067f20cb125d9

  • SHA1

    e9ac5b2ec4ac5b137452ae496ac7fe82015d77fd

  • SHA256

    46a1aaf4f612f2437a760ed1a5717b24c8510fe5113dfdee451d4e7ba2fc78e4

  • SHA512

    7b815956b1d07ed60ba197ac6f82ab14a445aac052e73f5cf1599827d898f67470dac5d5f5ca94d6cfd837c7b37336070390de46add687bc4f8d5f9ded8d312e

Malware Config

Targets

    • Target

      Our New Order Oct 19 2020 at 2.80_PVV440_PDF.jar

    • Size

      81KB

    • MD5

      7246a4e4864624b0cd3067f20cb125d9

    • SHA1

      e9ac5b2ec4ac5b137452ae496ac7fe82015d77fd

    • SHA256

      46a1aaf4f612f2437a760ed1a5717b24c8510fe5113dfdee451d4e7ba2fc78e4

    • SHA512

      7b815956b1d07ed60ba197ac6f82ab14a445aac052e73f5cf1599827d898f67470dac5d5f5ca94d6cfd837c7b37336070390de46add687bc4f8d5f9ded8d312e

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks