54.jar

Target

54.jar

Size

57KB

Sample

201130-1l5kwb4t4s

Score

10 ^/10

MD5

ae77d6c4c46bbfdaa23c9238d12dcd98

SHA1

4a5e4e0e0e7957a6b78a827bcd2d13f37afa713d

SHA256

b91195dd162317cf8064a5c6479eb676936d32aca3c0262533a6a143fe0e28d1

SHA512

64dc178003a04a44a3887e136749a2e46e455ca343373d92e8087454cba8c462bdbd04e40164d315bf283174293104d759fc2d38fff4232579d760d9a3f1d114

Target

54.jar

MD5

ae77d6c4c46bbfdaa23c9238d12dcd98

Filesize

57KB

Score

10^/10

SHA1

4a5e4e0e0e7957a6b78a827bcd2d13f37afa713d

SHA256

b91195dd162317cf8064a5c6479eb676936d32aca3c0262533a6a143fe0e28d1

SHA512

64dc178003a04a44a3887e136749a2e46e455ca343373d92e8087454cba8c462bdbd04e40164d315bf283174293104d759fc2d38fff4232579d760d9a3f1d114

Signatures

QNodeService
Description

Trojan/stealer written in NodeJS and spread via Java downloader.
Tags

trojan qnodeservice
Executes dropped EXE
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
JavaScript code in executable
Looks up external IP address via web service
Description

Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

1^/10

behavioral2

qnodeservice persistence trojan

10^/10

Tags

Signatures

QNodeService

Description

Tags

Executes dropped EXE

Adds Run key to start application

Tags

TTPs

JavaScript code in executable

Looks up external IP address via web service

Description

Related Tasks

static1

behavioral1

behavioral2