General

  • Target

    Shipping documents.jar

  • Size

    74KB

  • Sample

    201022-fd6sfvd43s

  • MD5

    aca734eeac3a00205e7a64800b05cb95

  • SHA1

    e09deace896a082517204f46ae3bddfc2f3f46c1

  • SHA256

    726902ed1aab6fe2e7632d70bfba8fe89efc025bc76c7f63c8cbc2f73dea193e

  • SHA512

    2966c44e70c9e0b2864112db107dd7194537ec71b654f173eff559a3ee4e03ecfd6ca5207a95a4cb3e8606197ab84fe12835d60c1e536a69370a103072f6f4c1

Malware Config

Targets

    • Target

      Shipping documents.jar

    • Size

      74KB

    • MD5

      aca734eeac3a00205e7a64800b05cb95

    • SHA1

      e09deace896a082517204f46ae3bddfc2f3f46c1

    • SHA256

      726902ed1aab6fe2e7632d70bfba8fe89efc025bc76c7f63c8cbc2f73dea193e

    • SHA512

      2966c44e70c9e0b2864112db107dd7194537ec71b654f173eff559a3ee4e03ecfd6ca5207a95a4cb3e8606197ab84fe12835d60c1e536a69370a103072f6f4c1

    • QNodeService

      Trojan/stealer written in NodeJS and spread via a Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
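
The signatures above (JavaScript carried inside the JAR, a dropped EXE, a Run key for persistence and an external-IP lookup) can be checked statically and from host telemetry without detonating the sample. The script below is an added example written for this report, not code from the sandbox vendor or from the QNodeService authors: it builds a small constructed JAR in memory, scans its entries for the indicators the signatures describe, matches the file hash against the SHA256 listed in this report, and flags Sysmon-style registry events that write under a Run key. The hostnames in IP_LOOKUP_HOSTS, the file names in the constructed JAR and the event paths in SAMPLE_EVENTS are assumptions for illustration, not data recovered from the analysed sample.

```python
"""Static triage helper for a Java downloader carrying a NodeJS payload.

Added example for this report; not the sandbox's or the malware's own code.
The JAR and the Sysmon-style events are constructed so it runs offline.
"""
import hashlib
import io
import re
import zipfile

# SHA256 of the analysed sample, copied from the report above.
KNOWN_SHA256 = "726902ed1aab6fe2e7632d70bfba8fe89efc025bc76c7f63c8cbc2f73dea193e"

# Assumption: public IP-lookup services commonly abused by stealers.
# The report does not name the service this sample contacted.
IP_LOOKUP_HOSTS = ("api.ipify.org", "ipinfo.io", "ifconfig.me", "icanhazip.com")

# NodeJS module imports such as require('child_process').
NODE_REQUIRE_RE = re.compile(rb"require\(\s*['\"]([\w:./-]+)['\"]\s*\)")
# Registry paths that auto-start a program at logon (HKCU or HKLM, 32- or 64-bit view).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes, for matching against the report's IOCs."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_known_sample(data: bytes) -> bool:
    return file_hashes(data)["sha256"] == KNOWN_SHA256


def triage_jar(data: bytes) -> dict:
    """Walk the JAR entries and collect the indicators the signatures describe."""
    findings = {"js_entries": [], "pe_entries": [], "node_requires": set(), "ip_lookup_hosts": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            content = jar.read(info)
            if info.filename.lower().endswith(".js"):      # JavaScript shipped inside the archive
                findings["js_entries"].append(info.filename)
            if content[:2] == b"MZ":                        # embedded PE, i.e. an EXE to drop
                findings["pe_entries"].append(info.filename)
            findings["node_requires"].update(m.decode() for m in NODE_REQUIRE_RE.findall(content))
            findings["ip_lookup_hosts"].update(h for h in IP_LOOKUP_HOSTS if h.encode() in content)
    findings["node_requires"] = sorted(findings["node_requires"])
    findings["ip_lookup_hosts"] = sorted(findings["ip_lookup_hosts"])
    return findings


def run_key_events(events: list) -> list:
    """Sysmon Event ID 13 (registry value set) writes under a Run/RunOnce key."""
    return [(e["Image"], e["TargetObject"], e["Details"])
            for e in events
            if e.get("EventID") == 13 and RUN_KEY_RE.search(e.get("TargetObject", ""))]


def build_sample_jar() -> bytes:
    """Constructed stand-in for the sample: a manifest, a JS payload and a PE stub."""
    payload = (b"const cp = require('child_process');\n"
               b"const https = require('https');\n"
               b"https.get('https://api.ipify.org', r => {});\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        jar.writestr("res/payload.js", payload)
        jar.writestr("res/node.bin", b"MZ" + b"\x00" * 62)   # fake PE header only
    return buf.getvalue()


# Constructed Sysmon-style events; the paths and value names are hypothetical.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Program Files\Java\jre\bin\java.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "Details": r"C:\Users\victim\AppData\Roaming\node.exe C:\Users\victim\AppData\Roaming\boot.js"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "TargetObject": "", "Details": ""},
]


if __name__ == "__main__":
    jar = build_sample_jar()
    print("matches report SHA256:", is_known_sample(jar))
    print("jar findings:", triage_jar(jar))
    print("run key writes:", run_key_events(SAMPLE_EVENTS))
```

Run it against the real file by replacing build_sample_jar() with the bytes of "Shipping documents.jar"; is_known_sample() then confirms you hold the same artifact this report describes before you act on its findings. The Run key check matches the key path only, so a benign installer writing its own autostart entry will also be listed; pivot on the Image and Details fields (a Java or NodeJS process writing an entry that points into a user profile) before escalating.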

MITRE ATT&CK Enterprise v6

Tasks