qnodeservice | d0276ecaa9b9c49b3b1d53d5a6fd47288a33e626d6255a476c624d86dccf2fad | Triage

Submit
Reports

Overview

overview

Static

static

Remittance...ip.jar

windows7_x64

1

Remittance...ip.jar

windows10_x64

Sharing

General

Target

Remittance Advice from Prespa Consultancy Pty Ltd(1).jar.zip
Size

76KB
Sample

201123-3wac2bpxr6
MD5

00fbaeac41cb0a4dbc032fd8593e5ae7
SHA1

4749439b523248dabe38e0236fe4dcb77ae55c24
SHA256

d0276ecaa9b9c49b3b1d53d5a6fd47288a33e626d6255a476c624d86dccf2fad
SHA512

9e6fc3e8b5cf6a31b90c624d4c47240aed90e613c508640855585033a83ca3e8b4b5b67bc469a049652968da02fa5f7390f9c1f3e828dfc26c8ea7b5ee98fc89

Score

10^/10

qnodeservice persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Remittance Advice from Prespa Consultancy Pty Ltd(1).jar.zip.jar

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Remittance Advice from Prespa Consultancy Pty Ltd(1).jar.zip.jar

Resource

win10v20201028

qnodeservice persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Remittance Advice from Prespa Consultancy Pty Ltd(1).jar.zip
- Size
  
  76KB
- MD5
  
  00fbaeac41cb0a4dbc032fd8593e5ae7
- SHA1
  
  4749439b523248dabe38e0236fe4dcb77ae55c24
- SHA256
  
  d0276ecaa9b9c49b3b1d53d5a6fd47288a33e626d6255a476c624d86dccf2fad
- SHA512
  
  9e6fc3e8b5cf6a31b90c624d4c47240aed90e613c508640855585033a83ca3e8b4b5b67bc469a049652968da02fa5f7390f9c1f3e828dfc26c8ea7b5ee98fc89
Score

10^/10

qnodeservice persistence trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qnodeservicepersistencetrojan

© 2018-2024

Terms | Privacy