General

  • Target

    Parcel Delivery Note.jar

  • Size

    77KB

  • Sample

    201023-axtwzp2bte

  • MD5

    0d96c82bc640a7304649e294a69b9263

  • SHA1

    2a611f879a6e4fa4bf7997392b8735ff6d752c1e

  • SHA256

    2a668c8e9f7e67de0b3bb60b71eb701884c98545d2e5b87e4aa97272847bb563

  • SHA512

    487a6b6c4142d154030b26a25a8ae43876f7cde9de3465bae3ab95de00920e958c2ff78e6923cca35e9e06dbf1731f980e039bcb26553a4e950f8e621f1be6ed

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in Node.js and spread via a Java downloader.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks