qnodeservice | 69910d95d12e3f612242941784a4ff5afd9c786123d461339f4ecaff87400824 | Triage

Analysis

max time kernel
149s
max time network
147s
platform
windows10_x64
resource
win10v20201028
submitted
09-11-2020 19:39

Sharing

Report Analysis Logs

General

Target

Automatische CNC-Maschine.jar
Size

53KB
MD5

d19f77ec11f5ecbd78593aadcfa29734
SHA1

d079c8845976ba1f378058ed46a78391dc09705d
SHA256

69910d95d12e3f612242941784a4ff5afd9c786123d461339f4ecaff87400824
SHA512

3d782e096a92e1f672f78f69253b9ae2a70a9380cc5c160b3bdb3b83a788b2d9c97c936b2e688f96d2fd4f1b6e9bf7ca0c261137d24d1906c8dc07ab4c226ecf

Score

10^/10

qnodeservice trojan

Malware Config

Signatures

QNodeService
Trojan/stealer written in NodeJS and spread via Java downloader.
trojan qnodeservice
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

java.exe

pid process

4040 java.exe

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Automatische CNC-Maschine.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...