qnodeservice | 926fec40a324fdf3ff492db6a3c154fc524d0cc059197b6eaaa88c2d3df3811b | Triage

Submit
Reports

Overview

overview

Static

static

invoice_pdf.jar

windows7_x64

invoice_pdf.jar

windows10-2004_x64

4

Analysis

max time kernel
159s
max time network
87s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 01:03

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

invoice_pdf.jar

Resource

win7-20220414-en

qnodeservice trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

invoice_pdf.jar

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

invoice_pdf.jar
Size

5KB
MD5

37f5e9c66a090ac8ca354ad4574108ac
SHA1

84f29ff28d4d1f04b1a05c920718356588d49404
SHA256

18382afed4a3eb374fa6a2d5a564d881204f631279903a445fe2d19c8f1da897
SHA512

eb4faaaf782021cf70279e787642588bbf3bbe18d239b54558bbababa0b89eb8dce4b6cf96db9b6c1f7e347ed28bad189ccf51120f3f3335f6df8d9391da60b4

Score

10^/10

qnodeservice trojan

Malware Config

Signatures

QNodeService
Trojan/stealer written in NodeJS and spread via Java downloader.
trojan qnodeservice

Processes

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\invoice_pdf.jar
1⤵
PID:1164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1164-54-0x000007FEFC061000-0x000007FEFC063000-memory.dmp

Filesize
8KB

Download
memory/1164-57-0x0000000002140000-0x0000000005140000-memory.dmp

Filesize
48.0MB

Download

© 2018-2024

Terms | Privacy