R.F.Q.jar

Target

R.F.Q.jar

Size

95KB

Sample

201117-tx39f9wjvj

Score

10 ^/10

MD5

75fe28262beff3cba941aa30438c2efb

SHA1

656b9cfaf5dfee343e476b47950243ce60c5751f

SHA256

8e51f941e056b959365021f58210ed34dbadab3890b95090987db6f87ba6ff58

SHA512

4873383f9aef1086a186681f2a2c6ea23be8f7e0573522fde786c2355068ff62801068977f970186628fbb6be8df6f46a627b67553c646c85c35d82c66dba0a9

Target

R.F.Q.jar

MD5

75fe28262beff3cba941aa30438c2efb

Filesize

95KB

Score

10^/10

SHA1

656b9cfaf5dfee343e476b47950243ce60c5751f

SHA256

8e51f941e056b959365021f58210ed34dbadab3890b95090987db6f87ba6ff58

SHA512

4873383f9aef1086a186681f2a2c6ea23be8f7e0573522fde786c2355068ff62801068977f970186628fbb6be8df6f46a627b67553c646c85c35d82c66dba0a9

Signatures

QNodeService
Description

Trojan/stealer written in NodeJS and spread via Java downloader.
Tags

trojan qnodeservice
Executes dropped EXE
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
JavaScript code in executable
Looks up external IP address via web service
Description

Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

1^/10

behavioral2

qnodeservice persistence trojan

10^/10

Tags

Signatures

QNodeService

Description

Tags

Executes dropped EXE

Adds Run key to start application

Tags

TTPs

JavaScript code in executable

Looks up external IP address via web service

Description

Related Tasks

static1

behavioral1

behavioral2