Overview

overview

10

Static

static

RFQ20200.jar

windows7_x64

10

RFQ20200.jar

windows10-2004_x64

1

Analysis

  • max time kernel
    151s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    05-02-2022 11:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RFQ20200.jar

  • Size

    5KB

  • MD5

    ee4b7cb48f23baf62dfdd8907927138d

  • SHA1

    766b0247212f2731ba69721967a98f643ee127f4

  • SHA256

    6ff68fff0890426f1baa3465b636323e30d20e42405b4c78f6b36fbf0d6a712f

  • SHA512

    b5c162c837f9cb0a00f7b1ca5f94318d44c76bed140c2c89c799c81ccb7a39bebe009c37f7f2d522bbc999cb473b2b01158d858989aa9756ff0513772f563eb1

Score
10/10
qnodeservicetrojan

Malware Config

Signatures

  • QNodeService

    Trojan/stealer written in NodeJS and spread via Java downloader.

    trojanqnodeservice

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\RFQ20200.jar
    1⤵
      PID:1288

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1288-54-0x000007FEFB7E1000-0x000007FEFB7E3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1288-56-0x0000000002100000-0x0000000005100000-memory.dmp

      Filesize

      48.0MB

      Download

    • memory/1288-57-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1288-58-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1288-61-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download