General

  • Target

    Purchase order.jar

  • Size

    71KB

  • Sample

    201026-q56rbgwdgx

  • MD5

    15112dee9a2350e3e990c697cffe3be1

  • SHA1

    b581c744c734f8d78d1b63db9c423bab23ebefae

  • SHA256

    5824541971e764fb1c2b95f1020172f53430728078551021b6e37148d3532098

  • SHA512

    e86e9c57a86e6634e9c4f3ec352f79a4f1af6c4ed90334a4eecd5a8418b7bab8b17c8555f53b9c82c610101dc437ce0213020410c20e61ff62955b10ae4dd433

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via a Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks