qnodeservice | 4a5ad2bab0ad5651561f7fe1300cfedb0a442a25f7b32326983c8ca820380b97 | Triage

Submit
Reports

Overview

overview

Static

static

Default

windows10_x64

Sharing

General

Target

INVOICE#0108.zip
Size

56KB
Sample

201020-hql8q7scxx
MD5

42dd6d65b235aa2d3e45b9054588216a
SHA1

7f3e36187558897af607f0964017685c7199816d
SHA256

4a5ad2bab0ad5651561f7fe1300cfedb0a442a25f7b32326983c8ca820380b97
SHA512

8c2e9204e89bb6a209f5b00f04cbfe0729b849305bd46d3088f9377babdece04cd1c0ef083de34706f28c31b0eab306810455562ca402a606f6b630f667c1014

Score

10^/10

qnodeservice persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

INVOICE#0108.jar

Resource

win10

trojan qnodeservice persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  INVOICE#0108.jar
- Size
  
  68KB
- MD5
  
  eeb9a3c4cc1fd0e95ff4184a50eb49d9
- SHA1
  
  8445135ef24533a22270fd15d9a9e767c43168e6
- SHA256
  
  6b9c4f7252046dbdc98d8eb537bdc776b1e35040b86c1dc1927c2e6bdd7e6c0d
- SHA512
  
  8533d4d2ef1fbcf7df5c452f613606df19a6271a54c4114809c3dfb21a0900e9d58474ba39da63b4bbd7aec4ed15279b81a3fcf538560e8e6bcc92781866ebcd
Score

10^/10

trojan qnodeservice persistence spyware
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trojanqnodeservicepersistencespyware

© 2018-2024

Terms | Privacy