Overview

overview

10

Static

static

Quote221020209.jar

windows7_x64

1

Quote221020209.jar

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quote221020209.jar

  • Size

    73KB

  • Sample

    201023-l7h9xfbjx6

  • MD5

    b8e60538ee077d5af662563754110797

  • SHA1

    3615868cd7d11f8ea86194bd58ab4debafe98432

  • SHA256

    8eed7755fa12e8f6f674c887065f44495e53181e41bed333ce655c43a40c4e27

  • SHA512

    564092ca6491cf57a8d4d071de32f6dd7ff89c432f2a45a633cfb17dd2ab8e8affbb33772f841866301389a677bd11e62eab5339e19b9853a2e4039c18930658

Score
10/10
qnodeservicepersistencetrojan

Malware Config

Targets

    • Target

      Quote221020209.jar

    • Size

      73KB

    • MD5

      b8e60538ee077d5af662563754110797

    • SHA1

      3615868cd7d11f8ea86194bd58ab4debafe98432

    • SHA256

      8eed7755fa12e8f6f674c887065f44495e53181e41bed333ce655c43a40c4e27

    • SHA512

      564092ca6491cf57a8d4d071de32f6dd7ff89c432f2a45a633cfb17dd2ab8e8affbb33772f841866301389a677bd11e62eab5339e19b9853a2e4039c18930658

    Score
    10/10
    trojanqnodeservicepersistence

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

      trojanqnodeservice

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks