qnodeservice | 47f862b9d75a9190696a0620efddfe7e43b16b79c0b0f009a55ed5360f35b312 | Triage

Submit
Reports

Overview

overview

Static

static

fin_bsc_report.jar

windows7_x64

1

fin_bsc_report.jar

windows10_x64

Sharing

General

Target

fin_bsc_report.jar
Size

73KB
Sample

201019-nec5t7r36n
MD5

7447f61327acef94cbdaaaacdc5f7f2d
SHA1

d831ded9fc308cc53be80d819d33128392fcf962
SHA256

47f862b9d75a9190696a0620efddfe7e43b16b79c0b0f009a55ed5360f35b312
SHA512

0f4264a0335589b23e1c1a65f6bcbec24d5c4266e5d5d851fa2ad6990300618c7fa4e44ec957e095a9629c6d95175883636d7e7188297387ca21c25372cf8146

Score

10^/10

qnodeservice persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

fin_bsc_report.jar

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fin_bsc_report.jar

Resource

win10

spyware trojan qnodeservice persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fin_bsc_report.jar
- Size
  
  73KB
- MD5
  
  7447f61327acef94cbdaaaacdc5f7f2d
- SHA1
  
  d831ded9fc308cc53be80d819d33128392fcf962
- SHA256
  
  47f862b9d75a9190696a0620efddfe7e43b16b79c0b0f009a55ed5360f35b312
- SHA512
  
  0f4264a0335589b23e1c1a65f6bcbec24d5c4266e5d5d851fa2ad6990300618c7fa4e44ec957e095a9629c6d95175883636d7e7188297387ca21c25372cf8146
Score

10^/10

spyware trojan qnodeservice persistence
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

spywaretrojanqnodeservicepersistence

© 2018-2024

Terms | Privacy