Resubmissions

28-04-2024 18:21

240428-wzag8sdf92 7

31-05-2022 00:02

220531-abew6abfbp 10

Analysis

  • max time kernel
    148s
  • max time network
    84s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    31-05-2022 00:02

General

  • Target

    PAYMENT 1567_0001.jar

  • Size

    5KB

  • MD5

    ae3ae22d472b3dd08af516fc826b37bb

  • SHA1

    0bc1a94d03c44d4ddcc1458d32f91e71eb82ab43

  • SHA256

    b5ba14af96ed4c62864c7a6659bcbebae1988edd0907c649c36b6c4ef6b67be5

  • SHA512

    06153f7ed32e213ce1de1f255b53b9df44205e00fb9c3c7e034a018d46416f903b5aaa1c33d1d42586e7287228b3e5646f7df0c7492cb9baa1777278ee32b8f2

Score
10/10

Malware Config

Signatures

  • QNodeService

    Trojan/stealer written in NodeJS and spread via Java downloader.

Processes

  • C:\Windows\system32\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\PAYMENT 1567_0001.jar"
      PID:1636

    Downloads

    • memory/1636-54-0x000007FEFBFD1000-0x000007FEFBFD3000-memory.dmp

      Filesize

      8KB

    • memory/1636-64-0x0000000002200000-0x0000000005200000-memory.dmp

      Filesize

      48.0MB

    • memory/1636-65-0x0000000002200000-0x0000000005200000-memory.dmp

      Filesize

      48.0MB