qnodeservice | f674e837cb1184e2c0d672900a4ad7b95abd73d70073683a253e107e6d010314 | Triage

Analysis

max time kernel
149s
max time network
40s
platform
windows7_x64
resource
win7-en-20211208
submitted
05-02-2022 07:53

Sharing

Report Analysis Logs

General

Target

NOTE DE SERVICE.pdf.jar
Size

5KB
MD5

c38bf06bce2793cd226dfa7eff582482
SHA1

08238c708ae4acc85a6c5a1fe452bb8f5dc46c6b
SHA256

c968ebe9ec371a611049d8836e1a6bcd3d6791d331604e80b0c65f9e442b8239
SHA512

2f76a86a7ae60a5b5564b443e694aff02bec00e9687f9f0a6b73046970314c089a8820d60348b6981f393a5b278c8862cfaafa3539ae7dbd78a4f80bb408b266

Score

10^/10

qnodeservice trojan

Malware Config

Signatures

QNodeService
Trojan/stealer written in NodeJS and spread via Java downloader.
trojan qnodeservice

C:\Windows\system32\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\NOTE DE SERVICE.pdf.jar"
1⤵
PID:836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/836-53-0x000007FEFBE11000-0x000007FEFBE13000-memory.dmp

Filesize
8KB

Download
memory/836-55-0x0000000001CF0000-0x0000000005130000-memory.dmp

Filesize
52.2MB

Download
memory/836-56-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/836-58-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/836-59-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/836-60-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/836-66-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/836-99-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download