General
-
Target
DHL.jar
-
Size
73KB
-
Sample
201023-t8phbbhw2n
-
MD5
b8c87f39813cbf2c1cfc9643d1175e8f
-
SHA1
99f1cc2b620ed9bda0087777a11388c882c06943
-
SHA256
6d64973f89ff7383c610b24969f4b3f8f9a134354d4dbbbb922be53696577957
-
SHA512
ad4d786692d7c7b61a7eb2ecdb63235cb10cb167f375e3648ada7411d2f7714269004795c3101d25b666277067a19428ad778454b659a349398418c3d91e2fa4
Malware Config
Targets
-
-
Target
DHL.jar
-
Size
73KB
-
MD5
b8c87f39813cbf2c1cfc9643d1175e8f
-
SHA1
99f1cc2b620ed9bda0087777a11388c882c06943
-
SHA256
6d64973f89ff7383c610b24969f4b3f8f9a134354d4dbbbb922be53696577957
-
SHA512
ad4d786692d7c7b61a7eb2ecdb63235cb10cb167f375e3648ada7411d2f7714269004795c3101d25b666277067a19428ad778454b659a349398418c3d91e2fa4
Score10/10-
QNodeService
Trojan/stealer written in NodeJS and spread via Java downloader.
-
Executes dropped EXE
-
Adds Run key to start application
-
JavaScript code in executable
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-