Overview

overview

10

Static

static

Image_0076...EG.jar

windows7_x64

1

Image_0076...EG.jar

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Image_0076643387005313_JPEG.jar

  • Size

    72KB

  • Sample

    201027-dcbzygyb4a

  • MD5

    acbf2c54168796646a4f50d697f5b739

  • SHA1

    a763accf3db141b6407630e6f7b070ef585d4048

  • SHA256

    c5be24f2b7855a0caad13979c9e1192f36cd121108b488a134d6db67c37c2c6d

  • SHA512

    3f1bbe41c8f09dd3d453c2029239b8553d246071da83bfb69c1e84d45bbd1a3806116032f840445de42f98478bfdf60bad053af355396dca9c0b6f84835ab653

Score
10/10
qnodeservicepersistencetrojan

Malware Config

Targets

    • Target

      Image_0076643387005313_JPEG.jar

    • Size

      72KB

    • MD5

      acbf2c54168796646a4f50d697f5b739

    • SHA1

      a763accf3db141b6407630e6f7b070ef585d4048

    • SHA256

      c5be24f2b7855a0caad13979c9e1192f36cd121108b488a134d6db67c37c2c6d

    • SHA512

      3f1bbe41c8f09dd3d453c2029239b8553d246071da83bfb69c1e84d45bbd1a3806116032f840445de42f98478bfdf60bad053af355396dca9c0b6f84835ab653

    Score
    10/10
    trojanqnodeservicepersistence

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

      trojanqnodeservice

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks