54.jar

General
Target

54.jar

Size

57KB

Sample

201130-1l5kwb4t4s

Score
10/10
MD5

ae77d6c4c46bbfdaa23c9238d12dcd98

SHA1

4a5e4e0e0e7957a6b78a827bcd2d13f37afa713d

SHA256

b91195dd162317cf8064a5c6479eb676936d32aca3c0262533a6a143fe0e28d1

SHA512

64dc178003a04a44a3887e136749a2e46e455ca343373d92e8087454cba8c462bdbd04e40164d315bf283174293104d759fc2d38fff4232579d760d9a3f1d114

Signatures

  • QNodeService

    Description

    Trojan/stealer written in NodeJS and spread via Java downloader.

  • Executes dropped EXE

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • JavaScript code in executable

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

static1

behavioral1

1/10

behavioral2

10/10