qnodeservice | abcd39bfe06ab1741c6fdd7f040a372b13846a10a343de341bdc4fdb107c4a5c | Triage

Sharing

General

Target

39e89b2d52370e1ebd02acb99aee5ae3_JaffaCakes118
Size

167KB
Sample

240512-nr8fasdc2s
MD5

39e89b2d52370e1ebd02acb99aee5ae3
SHA1

a54ff4d60eb29ed5ee22e25182c1986a4f6b02b7
SHA256

abcd39bfe06ab1741c6fdd7f040a372b13846a10a343de341bdc4fdb107c4a5c
SHA512

ecda85677aaec2c59cc813a080767f1289a284769a7a2836766715a5b191d478249b0f3d137b981a6505001ba2dd3e81524e9e97cecfbd88b1913cfb2d7da72d
SSDEEP

3072:+O4x0H3uHFU6Qm77WgXxXabhhrCNc8knTVx+x9Fnqv161pfeiEm:Gx0eF5QCKg5YhOy2xfa8wm

Score

10^/10

qnodeservice discovery trojan

Malware Config

Targets

- Target
  
  39e89b2d52370e1ebd02acb99aee5ae3_JaffaCakes118
- Size
  
  167KB
- MD5
  
  39e89b2d52370e1ebd02acb99aee5ae3
- SHA1
  
  a54ff4d60eb29ed5ee22e25182c1986a4f6b02b7
- SHA256
  
  abcd39bfe06ab1741c6fdd7f040a372b13846a10a343de341bdc4fdb107c4a5c
- SHA512
  
  ecda85677aaec2c59cc813a080767f1289a284769a7a2836766715a5b191d478249b0f3d137b981a6505001ba2dd3e81524e9e97cecfbd88b1913cfb2d7da72d
- SSDEEP
  
  3072:+O4x0H3uHFU6Qm77WgXxXabhhrCNc8knTVx+x9Fnqv161pfeiEm:Gx0eF5QCKg5YhOy2xfa8wm
Score

10^/10

qnodeservice discovery trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qnodeservicediscoverytrojan