General

  • Target

    FedEx AWB # 187320605737.jar

  • Size

    79KB

  • Sample

    201027-6c3jq3svvs

  • MD5

    235a86c4929c5e3de83e6855370d6eb4

  • SHA1

    fc9e5d5dbef91d126b019a484d21ffc032e9c573

  • SHA256

    2c5607a8d1a2c9baf69ebfd4b285519d453e397bda7f0b63fca3e1e2c4748e9c

  • SHA512

    f6283ba5d77c4750cb66f510ac1a73108e10fabc0f11a96916c584099c544ca03b57ade2cc047ab80c57f8ad6fdce65cedfd50751a125a104562b2b9dd73d178

Malware Config

Targets

    • QNodeService

      Trojan/stealer written in Node.js and spread via a Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6
