jar.jar

General
Target

jar.jar

Size

81KB

Sample

201119-bqdcdjzgxs

Score

10/10

MD5

9e8b6710fdd55ad0675295c2c3960732

SHA1

aed08772376bde9f848f335e77e2e3c3c230234d

SHA256

f2fb2d0c469abc0add346ef809ad86e0194400d391a2e5429b8cbeea2711bbad

SHA512

26f94b0b9766e9c244297cbe4af78f1b09087fbe471f099b5a77f5ca76fd5c905ee4d36188af67dbd6dc2c7f8402c882d0d2503a288af277840a1025562eac96

Malware Config
Targets
Target

jar.jar

Signatures

  • QNodeService

    Description

    Trojan/stealer written in NodeJS and spread via Java downloader.

  • Executes dropped EXE

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • JavaScript code in executable

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation

Tasks

static1

behavioral1

1/10

behavioral2

10/10