qnodeservice | a3b9d353ef66b0e9f9920e9f4d520e67e40f9f8ac855edf42bfa3be4492fcf1d | Triage

Sharing

General

Target

724141c6922ab8e19c262d269aa8aee1_JaffaCakes118
Size

425KB
Sample

240525-rq3efaff41
MD5

724141c6922ab8e19c262d269aa8aee1
SHA1

0d2bf53fa5138aa22b1585f5c5093dfbe65dfcd0
SHA256

a3b9d353ef66b0e9f9920e9f4d520e67e40f9f8ac855edf42bfa3be4492fcf1d
SHA512

56bf9442c7d94ffcef529d9790dfda4690e6f97377b18c085d15ff01dddeeedc045099bb497c782d7436d7550b8d9961c9433a6ba1fee961eb24bceecd734d74
SSDEEP

12288:whSM3uQPBuy9mwsG+BXT4zsvuXEAr/qWy5khwG/:whSUuQpBxsG+NT4dXrriWGSH/

Score

10^/10

qnodeservice discovery trojan

Malware Config

Targets

- Target
  
  724141c6922ab8e19c262d269aa8aee1_JaffaCakes118
- Size
  
  425KB
- MD5
  
  724141c6922ab8e19c262d269aa8aee1
- SHA1
  
  0d2bf53fa5138aa22b1585f5c5093dfbe65dfcd0
- SHA256
  
  a3b9d353ef66b0e9f9920e9f4d520e67e40f9f8ac855edf42bfa3be4492fcf1d
- SHA512
  
  56bf9442c7d94ffcef529d9790dfda4690e6f97377b18c085d15ff01dddeeedc045099bb497c782d7436d7550b8d9961c9433a6ba1fee961eb24bceecd734d74
- SSDEEP
  
  12288:whSM3uQPBuy9mwsG+BXT4zsvuXEAr/qWy5khwG/:whSUuQpBxsG+NT4dXrriWGSH/
Score

10^/10

qnodeservice discovery trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Executes dropped EXE
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

qnodeservicediscoverytrojan