Rechnung 1.jar

Target

Rechnung 1.jar

Size

50KB

Sample

201124-z2bhjr8dtx

Score

10 ^/10

MD5

5847b21081ad895a7af96259f5ec0d59

SHA1

a690cb52bbb216fa181d700df67181c90c31d014

SHA256

bd2ef877f531d56a5a2a93d269d19e09195b908b2f39cd8b092f03916ed3b2b1

SHA512

cb844a4b2e976bad6d44c316b9718a2f795b00b91690cfd340ad4e7782eca279f58ff74cc79bc63d9d79e5aa8f232c2fc3e5cdb8b71f8d7a8f125e501d80224f

Target

Rechnung 1.jar

MD5

5847b21081ad895a7af96259f5ec0d59

Filesize

50KB

Score

10^/10

SHA1

a690cb52bbb216fa181d700df67181c90c31d014

SHA256

bd2ef877f531d56a5a2a93d269d19e09195b908b2f39cd8b092f03916ed3b2b1

SHA512

cb844a4b2e976bad6d44c316b9718a2f795b00b91690cfd340ad4e7782eca279f58ff74cc79bc63d9d79e5aa8f232c2fc3e5cdb8b71f8d7a8f125e501d80224f

Signatures

QNodeService
Description

Trojan/stealer written in NodeJS and spread via Java downloader.
Tags

trojan qnodeservice
Executes dropped EXE
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
JavaScript code in executable
Looks up external IP address via web service
Description

Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

1^/10

behavioral2

qnodeservice persistence trojan

10^/10

Tags

Signatures

QNodeService

Description

Tags

Executes dropped EXE

Adds Run key to start application

Tags

TTPs

JavaScript code in executable

Looks up external IP address via web service

Description

Related Tasks

static1

behavioral1

behavioral2