Rechnung 1.jar

General

Target: Rechnung 1.jar
Size: 50KB
Sample: 201124-z2bhjr8dtx
Score: 10/10
MD5: 5847b21081ad895a7af96259f5ec0d59
SHA1: a690cb52bbb216fa181d700df67181c90c31d014
SHA256: bd2ef877f531d56a5a2a93d269d19e09195b908b2f39cd8b092f03916ed3b2b1
SHA512: cb844a4b2e976bad6d44c316b9718a2f795b00b91690cfd340ad4e7782eca279f58ff74cc79bc63d9d79e5aa8f232c2fc3e5cdb8b71f8d7a8f125e501d80224f

Signatures

  • QNodeService
    Description: Trojan/stealer written in NodeJS and spread via Java downloader.

  • Executes dropped EXE

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • JavaScript code in executable

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

Tasks

  static1
  behavioral1: 1/10
  behavioral2: 10/10