General

  • Target

    DHL_10090AWB_09800123_RECIEPT00097.jar

  • Size

    67KB

  • Sample

    201026-xvnqp8g5cs

  • MD5

    6537cf38f55f14c495f66cc0589a37f4

  • SHA1

    221ce81e11da1b315e858a441b728c56d52e33fd

  • SHA256

    3d9145b3312989c4484d9f7d8baa1f0c05a55126f2a5443e91ddd4ada9dcb3ba

  • SHA512

    dfc73eb9bb954ec8ba7954ca2a7e92f4f0c551fd3abce5bec65e408c0554f0fb1db8dd49cec3d96b7c97d3f321f78f78d97bb23da0902cbebe008f18b0ccd86f

Malware Config

Targets

    • Target

      DHL_10090AWB_09800123_RECIEPT00097.jar

    • Size

      67KB

    • MD5

      6537cf38f55f14c495f66cc0589a37f4

    • SHA1

      221ce81e11da1b315e858a441b728c56d52e33fd

    • SHA256

      3d9145b3312989c4484d9f7d8baa1f0c05a55126f2a5443e91ddd4ada9dcb3ba

    • SHA512

      dfc73eb9bb954ec8ba7954ca2a7e92f4f0c551fd3abce5bec65e408c0554f0fb1db8dd49cec3d96b7c97d3f321f78f78d97bb23da0902cbebe008f18b0ccd86f

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks