qnodeservice | 5c891c8b82f693d4f5cbef73c20138d61ab8e7163559d8fda56996f1219be9e1 | Triage

Sharing

General

Target

57c7e1c927fd1a70a62f9a99fcf605e9_JaffaCakes118
Size

374KB
Sample

240519-beek8sab78
MD5

57c7e1c927fd1a70a62f9a99fcf605e9
SHA1

fb9dc677bda7d868fb64b381daf0f623fb591887
SHA256

5c891c8b82f693d4f5cbef73c20138d61ab8e7163559d8fda56996f1219be9e1
SHA512

393fdb207595f4959c95684ebcd7a4332c96d23e67b020e17821ddddc6d9726c4f9bc9d62ac750def8bf83574a9a381b7a0a9ad81477e0a4a26a5a790374dc89
SSDEEP

6144:1Ar38qxBAPUU4gxHB3BTce6qHmQArH4N1Z2KQaw7JKefJYWT3zwrkYaYCRMa1QH1:1ZmBLU44hVBvArYPIKQa4Ke56kNYCRML

Score

10^/10

qnodeservice discovery trojan

Malware Config

Targets

- Target
  
  57c7e1c927fd1a70a62f9a99fcf605e9_JaffaCakes118
- Size
  
  374KB
- MD5
  
  57c7e1c927fd1a70a62f9a99fcf605e9
- SHA1
  
  fb9dc677bda7d868fb64b381daf0f623fb591887
- SHA256
  
  5c891c8b82f693d4f5cbef73c20138d61ab8e7163559d8fda56996f1219be9e1
- SHA512
  
  393fdb207595f4959c95684ebcd7a4332c96d23e67b020e17821ddddc6d9726c4f9bc9d62ac750def8bf83574a9a381b7a0a9ad81477e0a4a26a5a790374dc89
- SSDEEP
  
  6144:1Ar38qxBAPUU4gxHB3BTce6qHmQArH4N1Z2KQaw7JKefJYWT3zwrkYaYCRMa1QH1:1ZmBLU44hVBvArYPIKQa4Ke56kNYCRML
Score

10^/10

qnodeservice discovery trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

qnodeservicediscoverytrojan