qnodeservice | 344e537d309f34ff04b78446d0dd2092b855181d837920a83c74a58f869a971f | Triage

Submit
Reports

Overview

overview

Static

static

FEDEX10902...00.jar

windows7_x64

1

FEDEX10902...00.jar

windows10_x64

Sharing

General

Target

FEDEX1090231102994010211000.jar
Size

99KB
Sample

201109-1bwdqlv1h6
MD5

383a770e96f2d241ba6ec8622c6a15b7
SHA1

f1778e6f8c95107fc5f75b74c591feac8e206977
SHA256

344e537d309f34ff04b78446d0dd2092b855181d837920a83c74a58f869a971f
SHA512

5c82f2e83ee6644dc3e7a5d487aef9379a0ea9104737d7529d8aa96de8eca6a3c83abcb417d977cf920c0199eb5659ba017c1c4cfa23b48060781a4835a7ea39

Score

10^/10

qnodeservice persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

FEDEX1090231102994010211000.jar

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FEDEX1090231102994010211000.jar

Resource

win10v20201028

qnodeservice persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  FEDEX1090231102994010211000.jar
- Size
  
  99KB
- MD5
  
  383a770e96f2d241ba6ec8622c6a15b7
- SHA1
  
  f1778e6f8c95107fc5f75b74c591feac8e206977
- SHA256
  
  344e537d309f34ff04b78446d0dd2092b855181d837920a83c74a58f869a971f
- SHA512
  
  5c82f2e83ee6644dc3e7a5d487aef9379a0ea9104737d7529d8aa96de8eca6a3c83abcb417d977cf920c0199eb5659ba017c1c4cfa23b48060781a4835a7ea39
Score

10^/10

qnodeservice persistence trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qnodeservicepersistencetrojan

© 2018-2024

Terms | Privacy