General

  • Target

    Our New Order Oct 20 2020 at 2.30_PVV440_PDF.jar

  • Size

    85KB

  • Sample

    201020-l6wcmdqzrs

  • MD5

    574cdc3953be5418190dbaca24caa3d1

  • SHA1

    a8d4a7ac39799b8190ceb21ce057edb0c7b201cf

  • SHA256

    3ddba8c66f62ec8610e6b09f5ae35beef6daa0464c83d4220ce456a3ac392605

  • SHA512

    f90f9a0a0731e5c9b94997ac69824a04d3e8dd87cd1a3781797633160c55928c734fc327be986a1ad0bb3e8356376daa690b2b14f71e1a780365bc6163c5309b

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via a Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks