DHL_Nov 2020 at 1.85_8BZ290_PDF.jar

Target

Size

71KB

Sample

201127-etklnp6jga

Score

10 ^/10

MD5

f204d9f0175eb6a66a0e312d63477680

SHA1

e161a465e339be0ec43ba30ee7b0c25a9b40dc0e

SHA256

d529003a6e1708637cc07277bfbef218db0dcaec7eed84b28567910f439297ee

SHA512

7d0c8c20539affd05bc5ee7de1cdc4cb65e2127b7972418c686677d7b4d12e34803446f73bce0406fdeeea6ab72c9fabee5aeb81985bce1502aabaa9d531c227

Target

DHL_Nov 2020 at 1.85_8BZ290_PDF.jar

MD5

f204d9f0175eb6a66a0e312d63477680

Filesize

71KB

Score

10^/10

SHA1

e161a465e339be0ec43ba30ee7b0c25a9b40dc0e

SHA256

d529003a6e1708637cc07277bfbef218db0dcaec7eed84b28567910f439297ee

SHA512

7d0c8c20539affd05bc5ee7de1cdc4cb65e2127b7972418c686677d7b4d12e34803446f73bce0406fdeeea6ab72c9fabee5aeb81985bce1502aabaa9d531c227

Signatures

QNodeService
Description

Trojan/stealer written in NodeJS and spread via Java downloader.
Tags

trojan qnodeservice
Executes dropped EXE
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
JavaScript code in executable
Looks up external IP address via web service
Description

Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

1^/10

behavioral2

qnodeservice persistence trojan

10^/10

Tags

Signatures

QNodeService

Description

Tags

Executes dropped EXE

Adds Run key to start application

Tags

TTPs

JavaScript code in executable

Looks up external IP address via web service

Description

Related Tasks

static1

behavioral1

behavioral2