General

  • Target

    SHIPMENT INFORMATION.jar

  • Size

    70KB

  • Sample

    201027-q4v67q8vx2

  • MD5

    6396fabd4d43d1e5e5e129067bb436fc

  • SHA1

    f3fb49da2badda937cac27186176fffad1ef1b4c

  • SHA256

    099fdf97c8f39179be21d4aad347f9d2778d63681e0b3c6b2709975a097423d2

  • SHA512

    2991d8eeab5df0a479e37b8fc60969a42b59684b81541bdddfcfdf8a353f0282769a8c8aeeb56ec03dde0929826ceedb8f81b7340546fe779b6f66bbd1fdfb62
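Before working with a copy of this sample, confirm it is the file the report describes. The following is an added example, not part of the sandbox report: it computes the four digests listed above for an in-memory byte string or a file on disk and reports which ones differ from the values in the General section (field names and helper names are this example's own).

```python
import hashlib

# Digests copied from the report's General section for SHIPMENT INFORMATION.jar.
REPORTED = {
    "md5": "6396fabd4d43d1e5e5e129067bb436fc",
    "sha1": "f3fb49da2badda937cac27186176fffad1ef1b4c",
    "sha256": "099fdf97c8f39179be21d4aad347f9d2778d63681e0b3c6b2709975a097423d2",
    "sha512": "2991d8eeab5df0a479e37b8fc60969a42b59684b81541bdddfcfdf8a353f0282769a8c8aeeb56ec03dde0929826ceedb8f81b7340546fe779b6f66bbd1fdfb62",
}


def digests_of(data):
    """All four digests of an in-memory byte string, hex-encoded."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORTED}


def digests_of_file(path, chunk=1 << 20):
    """Same digests for a file, read in chunks so large samples do not sit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in REPORTED}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def mismatches(actual, expected=REPORTED):
    """Sorted names of algorithms whose digest differs from the report.

    An empty list means the file is the reported sample; anything else means a
    truncated, repacked or simply wrong file. Comparison is case-insensitive
    because sandboxes and command-line tools differ in hex case.
    """
    return sorted(alg for alg in expected
                  if actual.get(alg, "").lower() != expected[alg].lower())


if __name__ == "__main__":
    import sys
    bad = mismatches(digests_of_file(sys.argv[1]))
    print("matches the report" if not bad else f"differs on: {', '.join(bad)}")
```

Run it as `python check_sample.py "SHIPMENT INFORMATION.jar"`; checking all four algorithms rather than only MD5 also guards against a collision-crafted look-alike.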

Malware Config

Targets

    • Target

      SHIPMENT INFORMATION.jar

    • Size

      70KB

    • MD5

      6396fabd4d43d1e5e5e129067bb436fc

    • SHA1

      f3fb49da2badda937cac27186176fffad1ef1b4c

    • SHA256

      099fdf97c8f39179be21d4aad347f9d2778d63681e0b3c6b2709975a097423d2

    • SHA512

      2991d8eeab5df0a479e37b8fc60969a42b59684b81541bdddfcfdf8a353f0282769a8c8aeeb56ec03dde0929826ceedb8f81b7340546fe779b6f66bbd1fdfb62

    • QNodeService

      Trojan/stealer written in Node.js and spread via a Java downloader.

    • Executes dropped EXE

      An executable written to disk during the run is then launched: the second stage of the Java downloader chain.

    • Adds Run key to start application

      Persistence through a CurrentVersion\Run registry value, so the payload is started again at each logon.

    • JavaScript code in executable

      The dropped executable embeds JavaScript, consistent with a Node.js payload.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
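The three runtime behaviours above (dropped EXE executed by Java, Run-key persistence, external IP lookup) are what a detection engineer would want to match on endpoint telemetry. The block below is an added example, not code from the sandbox or from the sample: it walks a list of constructed, loosely Sysmon-shaped events and returns a finding for each behaviour. The event schema, the drop-directory pattern, the Java image names and the list of IP lookup hosts are all assumptions of this example; the report names none of them.

```python
import re
from dataclasses import dataclass

# Autostart registry paths covered by the rule (per-user or machine-wide).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\b", re.IGNORECASE)
# User-writable locations a downloader typically drops its payload into (assumption).
DROP_DIR_RE = re.compile(r"\\(AppData\\(Local|Roaming)|Temp|ProgramData)\\", re.IGNORECASE)
# Assumed examples of legitimate external-IP lookup services; extend from your own lists.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "checkip.amazonaws.com"}
JAVA_IMAGES = {"java.exe", "javaw.exe"}


@dataclass
class Finding:
    rule: str
    detail: str


def image_name(path):
    """Basename of a Windows or POSIX path, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(events):
    """Walk events in order and return the report's behaviours as findings.

    Event shapes (constructed for this example, loosely Sysmon-like):
      {"type": "process",  "parent": path, "image": path}
      {"type": "registry", "image": path, "key": path, "value": str}
      {"type": "dns",      "image": path, "query": hostname}
    """
    findings = []
    dropped = set()  # lower-cased paths of EXEs launched by Java from a drop directory
    for ev in events:
        kind = ev.get("type")
        if kind == "process":
            parent, image = ev.get("parent", ""), ev.get("image", "")
            if (image_name(parent) in JAVA_IMAGES and image.lower().endswith(".exe")
                    and DROP_DIR_RE.search(image)):
                dropped.add(image.lower())
                findings.append(Finding("Executes dropped EXE",
                                        f"{image_name(parent)} launched {image}"))
        elif kind == "registry":
            key, value = ev.get("key", ""), ev.get("value", "")
            if RUN_KEY_RE.search(key):
                detail = f"{key} = {value}"
                # A Run value pointing at the Java-dropped EXE ties persistence to the drop.
                if any(d in value.lower() for d in dropped):
                    detail += " (persists the dropped EXE)"
                findings.append(Finding("Adds Run key to start application", detail))
        elif kind == "dns":
            query = ev.get("query", "").lower().rstrip(".")
            if query in IP_LOOKUP_HOSTS:
                findings.append(Finding("Looks up external IP address via web service",
                                        f"{image_name(ev.get('image', ''))} resolved {query}"))
    return findings


# Constructed telemetry for a run matching the report's chain; paths and names are invented.
SAMPLE_EVENTS = [
    {"type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe"},                       # benign, ignored
    {"type": "process", "parent": r"C:\Program Files\Java\bin\javaw.exe",
     "image": r"C:\Users\user\AppData\Roaming\stage2.exe"},
    {"type": "registry", "image": r"C:\Users\user\AppData\Roaming\stage2.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\user\AppData\Roaming\stage2.exe"},
    {"type": "dns", "image": r"C:\Users\user\AppData\Roaming\stage2.exe",
     "query": "api.ipify.org"},
    {"type": "dns", "image": r"C:\Users\user\AppData\Roaming\stage2.exe",
     "query": "example.com"},                                            # benign, ignored
]


def rules_fired(events=SAMPLE_EVENTS):
    """Ordered, de-duplicated rule names, for quick triage of a host's timeline."""
    seen = []
    for f in analyse(events):
        if f.rule not in seen:
            seen.append(f.rule)
    return seen


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.detail}")
```

The IP-lookup rule on its own is noisy, since plenty of legitimate software queries such services; its value here comes from firing from the same image that Java dropped and that a Run key now persists, which is why the example keeps the dropped-file set and correlates the registry value against it.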

MITRE ATT&CK Enterprise v6

Tasks