qnodeservice | 835834081946ec9778c7ac1255b166c5f2c25729e23d06305a9b28670415497d | Triage

Submit
Reports

Overview

overview

Static

static

380000_USD...20.jar

windows7_x64

1

380000_USD...20.jar

windows10_x64

Sharing

General

Target

380000_USD_INV_011740_NOV_2020.jar
Size

54KB
Sample

201127-n6d5kxprha
MD5

48fb2549992cb437906bf66ac6a28e9e
SHA1

7b6b367c992c71f2f28c6b5b02869c0519899e64
SHA256

835834081946ec9778c7ac1255b166c5f2c25729e23d06305a9b28670415497d
SHA512

440530a9ebf2bb6b13f88039c05da530e55c2cade41ff9c13eea3682c7435f2a379d1b01ae433000c790ac97be9be9f2af9bbc419e6189237e9a7b3d88c54308

Score

10^/10

qnodeservice persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

380000_USD_INV_011740_NOV_2020.jar

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

380000_USD_INV_011740_NOV_2020.jar

Resource

win10v20201028

qnodeservice persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  380000_USD_INV_011740_NOV_2020.jar
- Size
  
  54KB
- MD5
  
  48fb2549992cb437906bf66ac6a28e9e
- SHA1
  
  7b6b367c992c71f2f28c6b5b02869c0519899e64
- SHA256
  
  835834081946ec9778c7ac1255b166c5f2c25729e23d06305a9b28670415497d
- SHA512
  
  440530a9ebf2bb6b13f88039c05da530e55c2cade41ff9c13eea3682c7435f2a379d1b01ae433000c790ac97be9be9f2af9bbc419e6189237e9a7b3d88c54308
Score

10^/10

qnodeservice persistence trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Adds Run key to start application
  persistence
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qnodeservicepersistencetrojan

© 2018-2025

Terms | Privacy