qnodeservice | 9a6b7407ba53097e2eb7290aeb49e47ed8c39dd6bc211040129b9142d3ac6d9c | Triage

Sharing

General

Target

9a6b7407ba53097e2eb7290aeb49e47ed8c39dd6bc211040129b9142d3ac6d9c
Size

485KB
Sample

220521-bednyaegel
MD5

90a5c16fef3b8036ba45c9b40f254915
SHA1

09a7ece9f8af0ad5d539bf9ad36e78636f2cea1b
SHA256

9a6b7407ba53097e2eb7290aeb49e47ed8c39dd6bc211040129b9142d3ac6d9c
SHA512

30c106d1394dae4e3faa9d64595ef40426ceb3db005a076dd39ffc496d566d5fd5626a19023379f1cb3c44f1e160821877a28fa13f8b0e9776355a5d302291d3

Score

10^/10

qnodeservice trojan

Malware Config

Targets

- Target
  
  Confirmation.jar
- Size
  
  7KB
- MD5
  
  303ad9df9d7724c0c374f228902322a5
- SHA1
  
  1d59c361d1e15a33aab7ff60a332c7e7206131e4
- SHA256
  
  d6daadae02394c806802ba3a53e29dfd0c995e71db98d6e951fe04fff87091e7
- SHA512
  
  adeb375d6815bed469870702525c17e6c45b1b7792e026de78935884f543eae036905ebbb5d31a0a3f23356e7e7ea6b480b33d5da9b4aa04746519c2d13e0f3a
Score

10^/10

qnodeservice trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
behavioral1 behavioral2
- Target
  
  OV060520.jar
- Size
  
  525KB
- MD5
  
  a3ac73e97ef6be4de439ccf497cb6a12
- SHA1
  
  aeec0256c25a5433560778489f0cb604f8575e96
- SHA256
  
  ca0ca64b4751d9ee8e75c9f200fb15e9ac4e8c1f35d34baee68fcc7e4a335c88
- SHA512
  
  72d53e35282c846887c7c412a882b3c4cad72709427c6bda8bfc27f9bb1d499301e625d02a669425f3bc994b0b55ead9965399b5800b2a7563e4748af6b1cc26
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

qnodeservicetrojan

behavioral2

behavioral3

behavioral4