General

  • Target

    Tender#26102020.jar

  • Size

    68KB

  • Sample

    201026-w8msklqk1e

  • MD5

    4697aaf4076adb6f3d13f57f46384473

  • SHA1

    03eb4c114509f95dca7b1341d13d97f0db59a4e6

  • SHA256

    c95a2a4bf6c6ebc506bd44e1bffa5d976492fe790e4aad25877a175446bf4b64

  • SHA512

    8ac3199d526c96926fde78d6140598fac512e030b9106825643321258e6bc20f65257d89209abe4247d7424b2fb19b1d10e532ffddc0c4c491636fa807699957

Targets

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
