qnodeservice | 7c5fdd36fe745bce894ca7dfc83471e2da643a7e19a99925d72982a20eb0450b | Triage

Sharing

General

Target

4f183565fef44ff8c3519fb87dee9da2_JaffaCakes118
Size

386KB
Sample

240517-jw54hsgh82
MD5

4f183565fef44ff8c3519fb87dee9da2
SHA1

b291bd572fcf8f04afc15b2a13f484bbb1c3a5f2
SHA256

7c5fdd36fe745bce894ca7dfc83471e2da643a7e19a99925d72982a20eb0450b
SHA512

5800430e82f1b34438e0bb86c4baefec9d2a2b32949961dbf8f1ba7ca4d441af9b492bded0d1194dc3b6c25a81ea323b5926858cb0cb208f41628d5017fe0bb7
SSDEEP

6144:Nx1J8CG1KzE5JF1TS904W1fYtnyuoVkGKmh94OkmFPsxGl7quSL/:31VQKY5JFRSustnqC3MxkmF0u2uSj

Score

10^/10

qnodeservice discovery trojan

Malware Config

Targets

- Target
  
  4f183565fef44ff8c3519fb87dee9da2_JaffaCakes118
- Size
  
  386KB
- MD5
  
  4f183565fef44ff8c3519fb87dee9da2
- SHA1
  
  b291bd572fcf8f04afc15b2a13f484bbb1c3a5f2
- SHA256
  
  7c5fdd36fe745bce894ca7dfc83471e2da643a7e19a99925d72982a20eb0450b
- SHA512
  
  5800430e82f1b34438e0bb86c4baefec9d2a2b32949961dbf8f1ba7ca4d441af9b492bded0d1194dc3b6c25a81ea323b5926858cb0cb208f41628d5017fe0bb7
- SSDEEP
  
  6144:Nx1J8CG1KzE5JF1TS904W1fYtnyuoVkGKmh94OkmFPsxGl7quSL/:31VQKY5JFRSustnqC3MxkmF0u2uSj
Score

10^/10

qnodeservice discovery trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qnodeservicediscoverytrojan