Overview

overview

10

Static

static

DHL Parcel.jar

windows7_x64

1

DHL Parcel.jar

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL Parcel.jar

  • Size

    78KB

  • Sample

    201020-vavtf7fxdj

  • MD5

    7233aef533abb4b196eb92c5b55203c9

  • SHA1

    bf34d18a78b5011ee331cb08fc88e7fbfb3fafff

  • SHA256

    8ba26665fcdc0fd1f35e78fe0d1503c9d3f9719da1eee2e69d5738af0f89567f

  • SHA512

    991965eaef6741be35e0f8a69c9d1854be8f48c0f4ef561e4c6d3bc34e8741b3719cc8411fef6adcb64cbb393a41a021dfb93ce383f2787fe85b0a922f82d7a8

Score
10/10
qnodeservicepersistencetrojan

Malware Config

Targets

    • Target

      DHL Parcel.jar

    • Size

      78KB

    • MD5

      7233aef533abb4b196eb92c5b55203c9

    • SHA1

      bf34d18a78b5011ee331cb08fc88e7fbfb3fafff

    • SHA256

      8ba26665fcdc0fd1f35e78fe0d1503c9d3f9719da1eee2e69d5738af0f89567f

    • SHA512

      991965eaef6741be35e0f8a69c9d1854be8f48c0f4ef561e4c6d3bc34e8741b3719cc8411fef6adcb64cbb393a41a021dfb93ce383f2787fe85b0a922f82d7a8

    Score
    10/10
    trojanqnodeservicepersistence

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

      trojanqnodeservice

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks