MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65b9dccf61b9749c5380bf61cc360b3d7e8ad8c50b843e4104c5040a10a79790. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 65b9dccf61b9749c5380bf61cc360b3d7e8ad8c50b843e4104c5040a10a79790
SHA3-384 hash: fa55d66ff04ec0323ecd3d0023e7247bc8dd541e22054bd70071063605880cfa01ca810bd027bb723b31cedf3d74580a
SHA1 hash: f5fc681e85c69c70b7ec6d5d223f5d8d5b4bbe04
MD5 hash: 8899cc56f4e52f5497fb7ec8c960dbb9
humanhash: zulu-september-bluebird-magazine
File name: EES RFQ 56-34___PDF.jar
Signature: QNodeService
File size: 11'907 bytes
First seen: 2020-06-30 08:44:54 UTC
Last seen: Never
File type: Java file jar
MIME type: application/java-archive
ssdeep: 192:t/nyxcN/QtJN8cEEXoB+Rd+jErDY+v7/w5bcvKimCsJ/Qs87RVqahex:NyxG4rE4oBtEZY2vKi/sJIHRho
TLSH: 8F324C767DE1D03DDA4BC233BA0EA01F99AD00CC63C8D53B84DAA6451D31DE44B72AE9
Reporter: @abuse_ch
Tags: jar QNodeService qua


Twitter
@abuse_ch
Malspam distributing QNodeService:

HELO: tornevall.org
Sending IP: 139.99.90.95
From: EES - SALES <sales@ees-oman.com>
Reply-To: EES - SALES <sales@ees-ornan.com>
Subject: EES RFQ 56-34
Attachment: EES RFQ 56-34___PDF.zip (contains "EES RFQ 56-34___PDF.jar")

QNodeService C2:
https://dde.bounceme.net

Intelligence


Mail intelligence:
  Trap location: Global
  Impact: Low
# of uploads: 1
# of downloads: 30
Origin country: FR
CAPE Sandbox:
  Detection: n/a
  Link: https://www.capesandbox.com/analysis/16996/
ClamAV: SecuriteInfo.com.Java.Kryptik.D.genCamelot.24496.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/65b9dccf61b9749c5380bf61cc360b3d7e8ad8c50b843e4104c5040a10a79790/
ReversingLabs:
  Status: Suspicious
  Threat name: ByteCode-JAVA.Trojan.Kryptik
  First seen: 2020-06-30 08:46:06 UTC
  AV detection: 4 of 48 (8.33%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage:
  Score: 1/10
  Malware Family: n/a
  Link: https://tria.ge/reports/200630-fs392cfvde/
  Tags: n/a
VirusTotal: Virustotal results 6.67%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam | QNodeService | Java file jar 65b9dccf61b9749c5380bf61cc360b3d7e8ad8c50b843e4104c5040a10a79790 (this sample)

Delivery method: Distributed via e-mail attachment
