General
-
Target
20201025_8428223.jar
-
Size
78KB
-
Sample
201028-5y9h2t2x32
-
MD5
1dd1c8e9bfa0796e09e43d9ca2e7ff8a
-
SHA1
45084942b2387c4fd4fa7c751344efd126863c16
-
SHA256
0a27689398ba97857fe915d7bf1f3d62249d4b8f26ab713f55bdfb556733c9df
-
SHA512
9a9ae2cbd27bfa9e7fd3adae560419b2c377bff7b5b9199d82365d0e7627c0b36e0cb9af9008947fb715579b415ac381d86e1c0f2c3700f7f2d6652b27c05865
Malware Config
Targets
-
-
Target
20201025_8428223.jar
-
Size
78KB
-
MD5
1dd1c8e9bfa0796e09e43d9ca2e7ff8a
-
SHA1
45084942b2387c4fd4fa7c751344efd126863c16
-
SHA256
0a27689398ba97857fe915d7bf1f3d62249d4b8f26ab713f55bdfb556733c9df
-
SHA512
9a9ae2cbd27bfa9e7fd3adae560419b2c377bff7b5b9199d82365d0e7627c0b36e0cb9af9008947fb715579b415ac381d86e1c0f2c3700f7f2d6652b27c05865
Score10/10-
QNodeService
Trojan/stealer written in NodeJS and spread via Java downloader.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
JavaScript code in executable
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-