qnodeservice | 2293451deb226457c937c9e7abb598679950c01bc5d5182354cf9fd6b8c8f16c | Triage

Submit
Reports

Overview

overview

Static

static

payment invoice.jar

windows7_x64

payment invoice.jar

windows10-2004_x64

1

Analysis

max time kernel
150s
max time network
65s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 01:06

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

payment invoice.jar

Resource

win7-20220414-en

qnodeservice trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

payment invoice.jar

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

payment invoice.jar
Size

7KB
MD5

caa7f626351988892255ce1b7f6d987f
SHA1

610b571e5753e2add7dc89d6bd4016d946d30e3c
SHA256

2236ee61beb212583d9c865dd96a1ea6c70935921c29e26a560a1c07d04a95fd
SHA512

01e14aa9f6df2741f5be545a12ab660192ffee7a6797c017910cccf66f5823859501a04eb3690393317bd90c7a8d57d159bb875e644db4e5c025a288d9fe3518

Score

10^/10

qnodeservice trojan

Malware Config

Signatures

QNodeService
Trojan/stealer written in NodeJS and spread via Java downloader.
trojan qnodeservice

Processes

C:\Windows\system32\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\payment invoice.jar"
1⤵
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-54-0x000007FEFC341000-0x000007FEFC343000-memory.dmp

Filesize
8KB

Download
memory/2040-57-0x00000000020B0000-0x00000000050B0000-memory.dmp

Filesize
48.0MB

Download

© 2018-2024

Terms | Privacy