General

  • Target

    DHL Notification DHL_AWB_0011179303.jar

  • Size

    75KB

  • Sample

    201019-vy4sv9j89n

  • MD5

    5492176123097b367c4c36908a67730e

  • SHA1

    919867accf22f1ae7bd332690b5c16f7a57f2c68

  • SHA256

    113dd566f2ac95687d7bc63b9d45bfa754d2ebd2c923665eed27284d17089a50

  • SHA512

    cc8443b2638976f3905be6fa2d14edb17a4b5cdb4274180c90e19732a52825e0601e5767ce21dd9181d07183e8daae8ca850cb0a191ade88d0393d494b1519e1

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6
