qnodeservice | 122ec853e573ed7e7ca971846fe287534cf9105e4479a160e106e402ff2bfb90 | Triage

Sharing

General

Target

240506-wvw6fagd66_pw_infected.zip
Size

4KB
Sample

240605-egb5nsed58
MD5

03edeb01a4956a440ea0411fbda7ce88
SHA1

b0b1bd80c2e112da8f523b565a8f8b96395fb2ff
SHA256

122ec853e573ed7e7ca971846fe287534cf9105e4479a160e106e402ff2bfb90
SHA512

e3819d63e5c6e54a33856ac4842d02c75f9b9d4d42dd265a28ad4c10a139d5a137b300f702e03a8ab5a3b69f3a7bf372db6f6b8c3bebeeecbc7c2fb1cccf303f
SSDEEP

96:cfWhoZ/4opnSQlpxAFxvJeQaHbqNu+MNLGFlq6g8DRVu2NmdYTQ+Jh7l:cOoZQGrx+6QaHbB+MN6fqNyRVOiPhh

Score

10^/10

qnodeservice discovery trojan

Malware Config

Targets

- Target
  
  Adwind.exe
- Size
  
  5KB
- MD5
  
  fe537a3346590c04d81d357e3c4be6e8
- SHA1
  
  b1285f1d8618292e17e490857d1bdf0a79104837
- SHA256
  
  bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a
- SHA512
  
  50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce
- SSDEEP
  
  96:w9fXh7CBF8l1cHRDOjY4YbiPkW7UW1g+dWi9sBSy3HQNm6wx2xC7vz5:GXh78hHRDOU4YWPk2J14i9E3ymBxW+
Score

10^/10

qnodeservice discovery trojan
- QNodeService
  Trojan/stealer written in NodeJS and spread via Java downloader.
  trojan qnodeservice
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

qnodeservicediscoverytrojan