qnodeservice | 1f89cb2ced0736bce39f66de5cfb11da41b9f87b8b13be3317f6b127f07cea24 | Triage

Submit
Reports

Overview

overview

Static

static

1.jar

windows7_x64

1

1.jar

windows10_x64

Sharing

General

Target

1.jar
Size

73KB
Sample

201123-p2c7m7zcae
MD5

6608586b5b7cf330a74d4abbbd9006be
SHA1

8449eb2836086f220d645621a869d189696bca91
SHA256

1f89cb2ced0736bce39f66de5cfb11da41b9f87b8b13be3317f6b127f07cea24
SHA512

782919fd5ea5ace0ba94fd0ef4b8dc8009e772e414f41f85ac9d11db5096adc7fd881eafebe16695f230e2cc2a821cdec89582337cf1e1ee1939aa1fe826b1fb

Score

10^/10

qnodeservice persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

1.jar

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1.jar

Resource

win10v20201028

qnodeservice persistence spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1.jar
- Size
  
  73KB
- MD5
  
  6608586b5b7cf330a74d4abbbd9006be
- SHA1
  
  8449eb2836086f220d645621a869d189696bca91
- SHA256
  
  1f89cb2ced0736bce39f66de5cfb11da41b9f87b8b13be3317f6b127f07cea24
- SHA512
  
  782919fd5ea5ace0ba94fd0ef4b8dc8009e772e414f41f85ac9d11db5096adc7fd881eafebe16695f230e2cc2a821cdec89582337cf1e1ee1939aa1fe826b1fb
Score

10^/10

qnodeservice persistence spyware trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qnodeservicepersistencespywaretrojan

© 2018-2025

Terms | Privacy