qnodeservice | 69023fa531b2088f78ed939f81bca0d2bfb1f13f5ec441d603b1b5800f75429f | Triage

Analysis

max time kernel
150s
max time network
56s
platform
windows7_x64
resource
win7-en-20211208
submitted
05-02-2022 14:44

Sharing

Report Analysis Logs

General

Target

BANK-SWIFT RETURNE ERROR MESSAGE.jar
Size

5KB
MD5

cb0c25a22d3220c9a27c81689454c30f
SHA1

5830a1d928f4c60ecdbeeba79b775a7f5f4c8a1a
SHA256

87a79399819d19575d58fad00b424a3d996b7d2f85aa1233d65cfa8e6065100c
SHA512

e584e1bfec3ccfeaef616265f88b04d563016495c1b23dca5b9dc15ce9813e635609e44b0e6d254c2252ca65246494531294417485e0a52ab2c01663f6bfb44b

Score

10^/10

qnodeservice trojan

Malware Config

Signatures

QNodeService
Trojan/stealer written in NodeJS and spread via Java downloader.
trojan qnodeservice

C:\Windows\system32\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\BANK-SWIFT RETURNE ERROR MESSAGE.jar"
1⤵
PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2028-54-0x000007FEFB531000-0x000007FEFB533000-memory.dmp

Filesize
8KB

Download
memory/2028-56-0x0000000002260000-0x0000000005260000-memory.dmp

Filesize
48.0MB

Download
memory/2028-57-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2028-59-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2028-72-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2028-84-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download