General

  • Target

    DHL_109401211_AWB09100903_12012900.jar

  • Size

    70KB

  • Sample

    201019-7tdr14c19s

  • MD5

    5b63a9bcee6e5f189d25cf270b579d05

  • SHA1

    b3e0e86aff8fb3b156ebb53fc11153ae6c5d388b

  • SHA256

    bffaedde078cf79c57bef9992503d088d21ea51957558a63e510b973c1e6f5fb

  • SHA512

    c088674ff3c470cfa3ca86ac8bb4c8aa873434a98f2de4a35ec9afa63ce88f2cf0726dd54f9b143cd3b686bceb784e933d35f8636fb800ae946890f7ee96693f
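The four digests above are the indicators a responder would use to confirm that a file recovered from a mailbox or endpoint is this exact sample. As an added example (not part of the sandbox report), the following Python script hashes a file in chunks with all four algorithms and compares the result against the report's values. It reports a partial match separately: a file that agrees on MD5 or SHA-1 but not on SHA-256 and SHA-512 is not the same file, since collisions for the weaker digests are practical.

```python
import hashlib
import sys

# Digests of the analysed sample, copied from the report above.
SAMPLE_NAME = "DHL_109401211_AWB09100903_12012900.jar"
REPORT_HASHES = {
    "md5": "5b63a9bcee6e5f189d25cf270b579d05",
    "sha1": "b3e0e86aff8fb3b156ebb53fc11153ae6c5d388b",
    "sha256": "bffaedde078cf79c57bef9992503d088d21ea51957558a63e510b973c1e6f5fb",
    "sha512": (
        "c088674ff3c470cfa3ca86ac8bb4c8aa873434a98f2de4a35ec9afa63ce88f2c"
        "f0726dd54f9b143cd3b686bceb784e933d35f8636fb800ae946890f7ee96693f"
    ),
}


def ioc_table_is_well_formed(table=REPORT_HASHES):
    """Sanity-check copied IOCs: each value must be lowercase hex of the
    length the named algorithm produces (a truncated paste is a common error)."""
    for algo, value in table.items():
        expected_len = hashlib.new(algo).digest_size * 2
        if len(value) != expected_len:
            return False
        if any(c not in "0123456789abcdef" for c in value.lower()):
            return False
    return True


def digest_bytes(data):
    """Return hex digests of an in-memory blob, keyed like REPORT_HASHES."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large artefacts need not fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare(computed, expected=REPORT_HASHES):
    """Per-algorithm equality, case-insensitive on the hex string."""
    return {algo: computed[algo].lower() == expected[algo].lower() for algo in expected}


def classify(computed, expected=REPORT_HASHES):
    """'match' only when every digest agrees; 'partial' when a subset agrees,
    which should be treated as a different file (or a collision), not a hit."""
    results = compare(computed, expected)
    if all(results.values()):
        return "match"
    if any(results.values()):
        return "partial"
    return "no-match"


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-suspect-file>
    if len(sys.argv) != 2:
        sys.exit("usage: check_sample.py <file>")
    if not ioc_table_is_well_formed():
        sys.exit("IOC table is malformed; re-copy the digests")
    computed = digest_file(sys.argv[1])
    verdict = classify(computed)
    print(f"{sys.argv[1]}: {verdict} against {SAMPLE_NAME}")
    for algo, ok in compare(computed).items():
        print(f"  {algo:6s} {'ok ' if ok else 'DIFF'} {computed[algo]}")
```

Run it against any file pulled from quarantine; a "match" verdict ties the file to this report, while "partial" means the digests disagree and the file should be detonated on its own.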

Malware Config

Targets

    • Target

      DHL_109401211_AWB09100903_12012900.jar

    • Size

      70KB

    • MD5

      5b63a9bcee6e5f189d25cf270b579d05

    • SHA1

      b3e0e86aff8fb3b156ebb53fc11153ae6c5d388b

    • SHA256

      bffaedde078cf79c57bef9992503d088d21ea51957558a63e510b973c1e6f5fb

    • SHA512

      c088674ff3c470cfa3ca86ac8bb4c8aa873434a98f2de4a35ec9afa63ce88f2cf0726dd54f9b143cd3b686bceb784e933d35f8636fb800ae946890f7ee96693f

    • QNodeService

      Trojan/stealer written in Node.js and spread via a Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate public IP-lookup web service to discover the infected system's external IP address.
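The three behavioural signatures above (a Java process executing a dropped EXE, a Run key written for persistence, and an external IP lookup) are what an analyst would hunt for on endpoints, independent of file hashes. As an added example that is not part of the report, the Python below runs those three checks over a handful of constructed Sysmon-style events (process create, registry value set, DNS query). The events, process GUIDs, file paths and the list of IP-lookup hosts are all assumptions made for the example; the report does not name the lookup service or the drop location.

```python
# Process images treated as the Java downloader stage.
JAVA_IMAGES = {"java.exe", "javaw.exe"}
# Path fragments that indicate a user-writable drop location.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\temp\\", "\\downloads\\")
# Prefix shared by ...\CurrentVersion\Run\ and ...\CurrentVersion\RunOnce\.
RUN_KEY_MARKER = "\\currentversion\\run"
# Assumption: well-known public "what is my IP" services; the report does not say which one the sample uses.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.amazonaws.com"}

# Constructed Sysmon-like events for the example (id 1 = process create,
# 13 = registry value set, 22 = DNS query). Not taken from the report.
EVENTS = [
    {"id": 1, "pguid": "A", "parent": "-",
     "image": "C:\\Program Files\\Java\\jre\\bin\\javaw.exe"},
    {"id": 1, "pguid": "B", "parent": "A",
     "image": "C:\\Users\\victim\\AppData\\Roaming\\node\\node.exe"},
    {"id": 13, "pguid": "B",
     "target": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\node"},
    {"id": 22, "pguid": "B", "query": "api.ipify.org"},
    {"id": 1, "pguid": "C", "parent": "-", "image": "C:\\Windows\\explorer.exe"},
    {"id": 22, "pguid": "C", "query": "www.microsoft.com"},
]


def basename(image):
    return image.rsplit("\\", 1)[-1].lower()


def build_tree(events):
    """Map process GUID -> (image, parent GUID) from process-create events."""
    return {e["pguid"]: (e["image"], e["parent"]) for e in events if e["id"] == 1}


def chain(pguid, tree):
    """Yield image basenames from pguid up to the root; cycle-safe."""
    seen = set()
    while pguid in tree and pguid not in seen:
        seen.add(pguid)
        image, parent = tree[pguid]
        yield basename(image)
        pguid = parent


def detect(events):
    """Return one finding per event that matches a signature; each finding
    names the rule and the process that triggered it."""
    tree = build_tree(events)
    findings = []
    for e in events:
        java_in_chain = any(img in JAVA_IMAGES for img in chain(e["pguid"], tree))
        if e["id"] == 1:
            # Executes dropped EXE: Java parent launching an .exe from a user-writable path.
            parent_image = tree.get(e["parent"], ("", None))[0]
            img = e["image"].lower()
            if (basename(parent_image) in JAVA_IMAGES and img.endswith(".exe")
                    and any(m in img for m in USER_WRITABLE_MARKERS)):
                findings.append({"rule": "dropped_exe_from_java", "pguid": e["pguid"], "detail": e["image"]})
        elif e["id"] == 13:
            # Adds Run key: autostart value written by the Java-spawned chain.
            if RUN_KEY_MARKER in e["target"].lower() and java_in_chain:
                findings.append({"rule": "run_key_persistence", "pguid": e["pguid"], "detail": e["target"]})
        elif e["id"] == 22:
            # Looks up external IP: DNS for a public IP-lookup host from the same chain.
            if e["query"].lower() in IP_LOOKUP_HOSTS and java_in_chain:
                findings.append({"rule": "external_ip_lookup", "pguid": e["pguid"], "detail": e["query"]})
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"{f['rule']:24s} process={f['pguid']} {f['detail']}")
```

Requiring a Java ancestor for the persistence and DNS rules is what keeps the explorer.exe lookup of a normal domain from firing; on a real fleet the same rules map directly onto Sysmon event IDs 1, 13 and 22 in a SIEM query.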

MITRE ATT&CK Enterprise v6

Tasks