General

  • Target

    ShippingDetails.jar

  • Size

    71KB

  • Sample

    201023-sa1w8plk26

  • MD5

    c77c08128e07abb40b1ba8e103c36c15

  • SHA1

    786ada74eebc2a1241ec5378a6bf7ce7054bf684

  • SHA256

    faca93e7d0a1be9a3f2247b350c553110a76a2277b693be15488d6cf33aca609

  • SHA512

    84fd04cd31726e01f139ed47af30053d7574ea08611fa376bbf8518ba90f77c8107b40f0550483709d9dcf0f8c1589b3e7e567ab10535c6df0fab61f968f6d20

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via a Java downloader.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks