Overview

overview

10

Static

static

Closing Letter.jar

windows7_x64

1

Closing Letter.jar

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Closing Letter.jar

  • Size

    71KB

  • Sample

    201022-l9f1ezryfa

  • MD5

    831b760ab36e475c75edf3995058c835

  • SHA1

    6cd5e4ea8b9c1649d4e0e4f2a69ef77456f5048a

  • SHA256

    397a2d60c33dfdcd5cc56ae22b22989f31c154ced6547d9f1487ae02a1dc30db

  • SHA512

    0d856e43eb08e6d264c47b9b75aca7a800cbce7cca362dc9711d562a37b95c9d956e59fb9957d6e9e9768cf30f767d6ba904597777a458271530f9732a126949

Score
10/10
qnodeservicepersistencetrojan

Malware Config

Targets

    • Target

      Closing Letter.jar

    • Size

      71KB

    • MD5

      831b760ab36e475c75edf3995058c835

    • SHA1

      6cd5e4ea8b9c1649d4e0e4f2a69ef77456f5048a

    • SHA256

      397a2d60c33dfdcd5cc56ae22b22989f31c154ced6547d9f1487ae02a1dc30db

    • SHA512

      0d856e43eb08e6d264c47b9b75aca7a800cbce7cca362dc9711d562a37b95c9d956e59fb9957d6e9e9768cf30f767d6ba904597777a458271530f9732a126949

    Score
    10/10
    trojanqnodeservicepersistence

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

      trojanqnodeservice

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks