General

  • Target

    Purchase Order for TEIP ^456376262020.jar

  • Size

    72KB

  • Sample

    201028-dxpjxgvmle

  • MD5

    46ca891f93d15a230d696f22c77d6ab2

  • SHA1

    53532eadb52f808b55128217838c632ab87d8aee

  • SHA256

    fb79ac56e145da858300e4cd6f4ae2a836f5b93a9d41ac65ee4223604b7ce740

  • SHA512

    9dba788e569d2e1d92dbaa93a471b972a1caae1dd9658415bcde1fc7377c79005e84e29cada7215452d2ef51eb91d42d0ca52381946bd1e831bb532e096b1e93

Malware Config

Targets

    • Target

      Purchase Order for TEIP ^456376262020.jar

    • QNodeService

      Trojan/stealer written in NodeJS and spread via a Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks