Remittance Advice from Prespa Consultancy Pty Ltd(1).jar.zip

General
Target

Remittance Advice from Prespa Consultancy Pty Ltd(1).jar.zip

Size

76KB

Sample

201123-3wac2bpxr6

Score

10/10

MD5

00fbaeac41cb0a4dbc032fd8593e5ae7

SHA1

4749439b523248dabe38e0236fe4dcb77ae55c24

SHA256

d0276ecaa9b9c49b3b1d53d5a6fd47288a33e626d6255a476c624d86dccf2fad

SHA512

9e6fc3e8b5cf6a31b90c624d4c47240aed90e613c508640855585033a83ca3e8b4b5b67bc469a049652968da02fa5f7390f9c1f3e828dfc26c8ea7b5ee98fc89

Signatures

  • QNodeService

    Description

    Trojan/stealer written in NodeJS and spread via Java downloader.

  • Executes dropped EXE

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • JavaScript code in executable

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation

Tasks

static1

behavioral1

1/10

behavioral2

10/10