General

  • Target

    DHL AWB#4091013211.jar

  • Size

    73KB

  • Sample

    201105-9drhktynkj

  • MD5

    7881552dce01765a7ef287e21a0d7a95

  • SHA1

    9c2611f2a5f2f1239f90dc1246f2c38614ffc3f7

  • SHA256

    b54c02db8dc8425c9506d27196961ef355014b5fba62fe73db097a817b7be543

  • SHA512

    184c9e366bd199ba564bacb49ce1ed61a0b3cd3e6855e9389e709ea0a1b658926c2591f522a14f0df183a70f17f4f2d881c718175089a3e5eff37915ec408ac0

Malware Config

Targets

    • Target

      DHL AWB#4091013211.jar

    • Size

      73KB

    • MD5

      7881552dce01765a7ef287e21a0d7a95

    • SHA1

      9c2611f2a5f2f1239f90dc1246f2c38614ffc3f7

    • SHA256

      b54c02db8dc8425c9506d27196961ef355014b5fba62fe73db097a817b7be543

    • SHA512

      184c9e366bd199ba564bacb49ce1ed61a0b3cd3e6855e9389e709ea0a1b658926c2591f522a14f0df183a70f17f4f2d881c718175089a3e5eff37915ec408ac0

    • QNodeService

      Trojan/stealer written in NodeJS and spread via Java downloader.

    • Executes dropped EXE

    • Adds Run key to start application

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks