qnodeservice | dc33943acfaeb2b98b0798c8b87d11037354deb8a324a21062f9098fb1b3922e | Triage

Submit
Reports

Overview

overview

Static

static

Statement ...mg.jar

windows7_x64

1

Statement ...mg.jar

windows10_x64

Sharing

General

Target

Statement 04 Oct-20.img.jar
Size

95KB
Sample

201106-w64x55xyve
MD5

67dcde7d0220354ccabc329fbe056af6
SHA1

e22bc9ad2f1da67d9ede5ad163cdcd158df6ff36
SHA256

dc33943acfaeb2b98b0798c8b87d11037354deb8a324a21062f9098fb1b3922e
SHA512

cb3e662e7aa7015f2c5d734ee481121762a84c536f956d57bbdcaa038bab6a4a62a69d004dd1987dc0b439343f81ee494d8e6aef9a5db761373f43176b96c2ef

Score

10^/10

qnodeservice persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Statement 04 Oct-20.img.jar

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Statement 04 Oct-20.img.jar

Resource

win10v20201028

qnodeservice persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Statement 04 Oct-20.img.jar
- Size
  
  95KB
- MD5
  
  67dcde7d0220354ccabc329fbe056af6
- SHA1
  
  e22bc9ad2f1da67d9ede5ad163cdcd158df6ff36
- SHA256
  
  dc33943acfaeb2b98b0798c8b87d11037354deb8a324a21062f9098fb1b3922e
- SHA512
  
  cb3e662e7aa7015f2c5d734ee481121762a84c536f956d57bbdcaa038bab6a4a62a69d004dd1987dc0b439343f81ee494d8e6aef9a5db761373f43176b96c2ef
Score

10^/10

qnodeservice persistence trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qnodeservicepersistencetrojan

© 2018-2024

Terms | Privacy