qnodeservice | a635ab4ec8492d9c26771aa2e50722f14e6f87083aa6dd89dfe64ebc5412f217 | Triage

Submit
Reports

Overview

overview

Static

static

FedEx #187...37.jar

windows7_x64

1

FedEx #187...37.jar

windows10_x64

Sharing

General

Target

FedEx #187320605737.jar
Size

75KB
Sample

201109-1an94werpx
MD5

556d3bbd059f20eecb26acf1ba4e2618
SHA1

7af2267b6e71d70e9f432e017dd939d7508aec49
SHA256

a635ab4ec8492d9c26771aa2e50722f14e6f87083aa6dd89dfe64ebc5412f217
SHA512

1e87685223a7054ab52727135ef45abc74e573eebd63db14834553f926d4bba42e8c89bf1d388ec2990054b0848341290509e29f8d8bad6435a9b0b42439ec48

Score

10^/10

qnodeservice persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

FedEx #187320605737.jar

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FedEx #187320605737.jar

Resource

win10v20201028

qnodeservice persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  FedEx #187320605737.jar
- Size
  
  75KB
- MD5
  
  556d3bbd059f20eecb26acf1ba4e2618
- SHA1
  
  7af2267b6e71d70e9f432e017dd939d7508aec49
- SHA256
  
  a635ab4ec8492d9c26771aa2e50722f14e6f87083aa6dd89dfe64ebc5412f217
- SHA512
  
  1e87685223a7054ab52727135ef45abc74e573eebd63db14834553f926d4bba42e8c89bf1d388ec2990054b0848341290509e29f8d8bad6435a9b0b42439ec48
Score

10^/10

qnodeservice persistence trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qnodeservicepersistencetrojan

© 2018-2025

Terms | Privacy