jar.jar

Target

jar.jar

Size

81KB

Sample

201119-bqdcdjzgxs

Score

10 ^/10

MD5

9e8b6710fdd55ad0675295c2c3960732

SHA1

aed08772376bde9f848f335e77e2e3c3c230234d

SHA256

f2fb2d0c469abc0add346ef809ad86e0194400d391a2e5429b8cbeea2711bbad

SHA512

26f94b0b9766e9c244297cbe4af78f1b09087fbe471f099b5a77f5ca76fd5c905ee4d36188af67dbd6dc2c7f8402c882d0d2503a288af277840a1025562eac96

Target

jar.jar

MD5

9e8b6710fdd55ad0675295c2c3960732

Filesize

81KB

Score

10^/10

SHA1

aed08772376bde9f848f335e77e2e3c3c230234d

SHA256

f2fb2d0c469abc0add346ef809ad86e0194400d391a2e5429b8cbeea2711bbad

SHA512

26f94b0b9766e9c244297cbe4af78f1b09087fbe471f099b5a77f5ca76fd5c905ee4d36188af67dbd6dc2c7f8402c882d0d2503a288af277840a1025562eac96

Signatures

QNodeService
Description

Trojan/stealer written in NodeJS and spread via Java downloader.
Tags

trojan qnodeservice
Executes dropped EXE
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
JavaScript code in executable
Looks up external IP address via web service
Description

Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

1^/10

behavioral2

qnodeservice persistence trojan

10^/10

Tags

Signatures

QNodeService

Description

Tags

Executes dropped EXE

Adds Run key to start application

Tags

TTPs

JavaScript code in executable

Looks up external IP address via web service

Description

Related Tasks

static1

behavioral1

behavioral2