qnodeservice | 7629e88d552ddfd2653a656668b92d492a8a74f571dc4bd1289bb891858b9e88 | Triage

Submit
Reports

Overview

overview

Static

static

Payment receipt.jar

windows7_x64

1

Payment receipt.jar

windows10_x64

Sharing

General

Target

Payment receipt.jar
Size

76KB
Sample

201024-rv5mxexy1x
MD5

f91e9ef3ee69b04a6c8794d26383df16
SHA1

b23e629c3014a23b80fa0bda883a0c840d10ed8f
SHA256

7629e88d552ddfd2653a656668b92d492a8a74f571dc4bd1289bb891858b9e88
SHA512

4809e2ea5ee5ee53a317e99bee5c77adb0d35c5b21ec30831102cd37de1c5bb3d2e25fc31acd96b79efa4882411162d866b39641b57638579a8ed45675f0f9b8

Score

10^/10

qnodeservice persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment receipt.jar

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment receipt.jar

Resource

win10

spyware trojan qnodeservice persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Payment receipt.jar
- Size
  
  76KB
- MD5
  
  f91e9ef3ee69b04a6c8794d26383df16
- SHA1
  
  b23e629c3014a23b80fa0bda883a0c840d10ed8f
- SHA256
  
  7629e88d552ddfd2653a656668b92d492a8a74f571dc4bd1289bb891858b9e88
- SHA512
  
  4809e2ea5ee5ee53a317e99bee5c77adb0d35c5b21ec30831102cd37de1c5bb3d2e25fc31acd96b79efa4882411162d866b39641b57638579a8ed45675f0f9b8
Score

10^/10

spyware trojan qnodeservice persistence
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

spywaretrojanqnodeservicepersistence

© 2018-2025

Terms | Privacy