General

  • Target

    Our New Order Oct 19 2020 at 2.90_PVV440_PDF.jar

  • Size

    76KB

  • Sample

    201019-kbpav33xrx

  • MD5

    b87b80852063d48f3373fcee56a9a9c1

  • SHA1

    25fd2c6d43ec8335f7f793e339d07c3517e7737d

  • SHA256

    cd71c5e1f36a2fa25cd515061e8e9eb52d993af7179b7068e7ec1faeab137858

  • SHA512

    d23416931e8968b0e16ce96036113fb9ff3483d0e3344d0fc4570feff1aa3101676c469da31ca28afccbea22f3328cc5a7f2f6bdecb3edfe4bd0fce9cdf70562

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in Node.js and spread via a Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks