qnodeservice | 4e0ae0acc7af9393be8115188214a944a02666efdcc664dd7a617193bf15a93a | Triage

Analysis

max time kernel
151s
max time network
133s
platform
windows7_x64
resource
win7-en-20211208
submitted
05-02-2022 16:04

Sharing

Report Analysis Logs

General

Target

USD_53080_MT101_BANK_SCAN.jar
Size

5KB
MD5

66dae49e6a1edf3e74c33a06b4270d4b
SHA1

ed14532d4bbf152369cd39949802c6f773754c0e
SHA256

6f55f6e567ee9df0a823ce1072fbf1e7b5ae4ace2128f8b330394cab4d07d2ab
SHA512

a8ba21d9a23c2cace59ff915f8def5c5c9e7603aeaef76f34981456cfae9f1237a4600e73f5d3ebbf3c45a18701e29e330966e6b276d0443e10a33f124d4a1d9

Score

10^/10

qnodeservice trojan

Malware Config

Signatures

QNodeService
Trojan/stealer written in NodeJS and spread via Java downloader.
trojan qnodeservice

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\USD_53080_MT101_BANK_SCAN.jar
1⤵
PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1772-55-0x000007FEFB5B1000-0x000007FEFB5B3000-memory.dmp

Filesize
8KB

Download
memory/1772-57-0x0000000001E60000-0x00000000051B0000-memory.dmp

Filesize
51.3MB

Download
memory/1772-58-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1772-62-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1772-85-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1772-95-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download