General

  • Target

    Invoice#2208.jar

  • Size

    76KB

  • Sample

    201026-hpy4pyb522

  • MD5

    7093c1ec98624a2f52cde9e290c4b21c

  • SHA1

    5df109a68ed6beead5952ee36007571fdd483994

  • SHA256

    e3fcf0a8d553c5bc5061798ccb1a4c08d17ad653331f83b0d7151cd8d3f5735a

  • SHA512

    310907dc6036a0fdcb77945910e18eb49f0900036a3165124f34a644d4a6e8e01c07b28dd64110e2d18ef98ba9ed879b269acc472742cef8b33599737e0d3654
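Before spending time on a sample, confirm it is the one the report describes and look at what the archive carries without running it. The helper below is an added example, not part of the sandbox report: it hashes a file with the four algorithms listed above, compares the digests with the report's values, and, because a .jar is a zip archive, lists its entries and the manifest's Main-Class. The constructed placeholder jar, the suspicious-extension list and the function names are this example's own assumptions.

```python
"""Offline triage for a suspected Java downloader (added example, not the
sandbox's code).  Hashes a file, compares it with the report's indicators,
and lists a .jar's entries and entry point without executing anything."""
import hashlib
import io
import zipfile

# Indicators copied from the report's General section.
REPORT_IOCS = {
    "md5": "7093c1ec98624a2f52cde9e290c4b21c",
    "sha1": "5df109a68ed6beead5952ee36007571fdd483994",
    "sha256": "e3fcf0a8d553c5bc5061798ccb1a4c08d17ad653331f83b0d7151cd8d3f5735a",
    "sha512": "310907dc6036a0fdcb77945910e18eb49f0900036a3165124f34a644d4a6e8e0"
              "1c07b28dd64110e2d18ef98ba9ed879b269acc472742cef8b33599737e0d3654",
}

# Entry types an "invoice" jar has no business carrying (assumed watch-list).
SUSPICIOUS_ENTRY_SUFFIXES = (".exe", ".dll", ".js", ".vbs", ".ps1", ".bat")


def hash_bytes(data: bytes) -> dict:
    """Digest the data with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def matches_report(data: bytes, iocs=REPORT_IOCS) -> list:
    """Names of the algorithms whose digest equals the report's value."""
    digests = hash_bytes(data)
    return [name for name, value in iocs.items() if digests[name] == value.lower()]


def parse_manifest(text: str) -> dict:
    """Parse the main section of META-INF/MANIFEST.MF.  Headers are
    'Name: value'; a line starting with one space continues the previous
    header; the first blank line ends the main section."""
    headers, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break
        if line.startswith(" ") and last:
            headers[last] += line[1:]
        elif ":" in line:
            key, _, value = line.partition(":")
            last = key.strip()
            headers[last] = value.strip()
    return headers


def triage_jar(data: bytes) -> dict:
    """List a jar's entries, flag suspicious ones and extract Main-Class."""
    result = {"is_zip": False, "main_class": None,
              "entries": [], "suspicious_entries": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            result["entries"].append(info.filename)
            if info.filename.lower().endswith(SUSPICIOUS_ENTRY_SUFFIXES):
                result["suspicious_entries"].append(info.filename)
        try:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            result["main_class"] = parse_manifest(manifest).get("Main-Class")
        except KeyError:  # no manifest at all
            pass
    return result


def build_sample_jar() -> bytes:
    """Constructed stand-in for a downloader jar; it is NOT the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\nMain-Class: invoice.Loader\r\n\r\n")
        jar.writestr("invoice/Loader.class", b"\xca\xfe\xba\xbe")
        jar.writestr("res/payload.js", b"// constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample_jar()
    print("hash matches vs report:", matches_report(data) or "none")
    print(triage_jar(data))
```

Run it with the path to a sample as the only argument; with no argument it triages the constructed jar. A real match must agree on every algorithm; a partial match means the file differs from the report's sample and the "hashes" should be treated with suspicion.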

Malware Config

Targets

    • Target

      Invoice#2208.jar


    • QNodeService

      Trojan/stealer written in Node.js and spread via a Java downloader.

    • Executes dropped EXE

      The sample writes an executable to disk and then launches it.

    • Adds Run key to start application

      Writes a Run registry key so the payload is started again at logon (persistence).

    • JavaScript code in executable

      A dropped executable carries JavaScript, consistent with the Node.js payload named above.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
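The five signatures above are behaviours, so they can be re-derived from a sandbox's event stream. The code below is an added example, not the sandbox's own detection logic: it runs simple rules for each of the report's signatures over a constructed set of events shaped like what a Java downloader for a Node.js stealer produces. The event field names, the Run-key regex, the JavaScript markers and the list of public IP-lookup hosts are this example's assumptions.

```python
"""Behavioural triage that re-derives the report's signatures from sandbox
events (added example; rules and event format are assumptions)."""
import re

# Run and RunOnce keys under any hive (HKCU/HKLM), case-insensitive.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)

# Well-known public "what is my IP" services (assumed watch-list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io",
                   "checkip.amazonaws.com", "icanhazip.com"}

# Tokens rarely found in a compiled PE but typical of bundled JavaScript.
JS_MARKERS = (b"require(", b"module.exports", b"process.env", b"function(")


def looks_like_javascript(blob: bytes) -> bool:
    """Two or more JS markers in a binary is our (assumed) threshold."""
    return sum(1 for m in JS_MARKERS if m in blob) >= 2


def is_run_key(path: str) -> bool:
    return bool(RUN_KEY_RE.search(path))


def triage_events(events):
    """Return, sorted, the names of the report's signatures that fire."""
    hits = set()
    dropped = {}  # lowercased path -> pid that wrote it
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            path = ev["path"].lower()
            dropped[path] = ev["pid"]
            if path.endswith(".exe") and looks_like_javascript(ev.get("data", b"")):
                hits.add("JavaScript code in executable")
        elif kind == "process_create":
            # An image the sample itself wrote earlier is a dropped EXE.
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "registry_set":
            if is_run_key(ev["key"]):
                hits.add("Adds Run key to start application")
        elif kind in ("dns_query", "http_request"):
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
    return sorted(hits)


# Constructed event stream; NOT captured from the real sample.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1001,
     "image": r"C:\Program Files\Java\jre\bin\java.exe"},
    {"type": "file_write", "pid": 1001,
     "path": r"C:\Users\victim\AppData\Roaming\node.exe",
     "data": b"MZ...\x00require('fs');module.exports={};process.env.X;"},
    {"type": "process_create", "pid": 1002,
     "image": r"C:\Users\victim\AppData\Roaming\node.exe"},
    {"type": "registry_set", "pid": 1002,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\victim\AppData\Roaming\node.exe"},
    {"type": "http_request", "pid": 1002, "host": "api.ipify.org", "path": "/"},
]

if __name__ == "__main__":
    for sig in triage_events(SAMPLE_EVENTS):
        print("*", sig)
```

The "Executes dropped EXE" rule keys on the sample having written the image itself, which is what separates a dropped binary from an ordinary child process such as the JVM starting cmd.exe; the Run-key rule deliberately ignores neighbouring keys such as Explorer\RunMRU.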

MITRE ATT&CK Enterprise v6

Tasks