qnodeservice | d994494c2243dc8f45354fdafe1cb27f27d7fb1dc9bd3817738fcb92df2ec3cb | Triage

Submit
Reports

Overview

overview

Static

static

SWIFT-103.pdf.jar

windows7_x64

SWIFT-103.pdf.jar

windows10-2004_x64

4

Analysis

max time kernel
152s
max time network
75s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 01:01

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

SWIFT-103.pdf.jar

Resource

win7-20220414-en

qnodeservice trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SWIFT-103.pdf.jar

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

SWIFT-103.pdf.jar
Size

5KB
MD5

3490a955e550ec8f8bd1d5a848f91c66
SHA1

58c058f76480474ef6901375be70ffd0824243f5
SHA256

06fd5c51bca2b705184009a1ebe43cf7a5f238bbc68a464259523a824073fe90
SHA512

a43bd640e139011bd7dface7f08a95af4111150601ebfde771a1ffef674d91d6071cccefaf32046966eb884785ae3e7e557bb4ed2cfc6cdf742fd633b7ab0d5e

Score

10^/10

qnodeservice trojan

Malware Config

Signatures

QNodeService
Trojan/stealer written in NodeJS and spread via Java downloader.
trojan qnodeservice

Processes

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\SWIFT-103.pdf.jar
1⤵
PID:1620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1620-54-0x000007FEFC081000-0x000007FEFC083000-memory.dmp

Filesize
8KB

Download
memory/1620-57-0x00000000021E0000-0x00000000051E0000-memory.dmp

Filesize
48.0MB

Download

© 2018-2024

Terms | Privacy