MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 789575f039cf4f7e3a720a79301ab9ad0105a54c190746810074b5a883b59785. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 789575f039cf4f7e3a720a79301ab9ad0105a54c190746810074b5a883b59785
SHA3-384 hash: 9cb538e137c8c72877a6fead17a2a739a7236ebdb35a3f74e9b88c367f03ee95f72191aaef9d353ec0eb8deb1d3a8c14
SHA1 hash: 4d93924f06d4fbcb5330670951a98a7f4b80fbab
MD5 hash: 4ad028e06dce6accce346f5c080d20b1
humanhash: pip-angel-don-fourteen
File name: Spec-0059.zip
Signature: QNodeService
File size: 10'508 bytes
First seen: 2020-06-30 12:28:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 192:wmvmBpBruaRmYO1rr32D5hSvGfDbch2YQmWkNbAU1UulKxAN7ijGVxioLZi2cBFO:JvmBpLOdGDyvGviSmWkNkYUWdN7CC0oR
TLSH: 6422BF04638788B9DC7AE3621C8131AA50461FE99B6E90F9B36A3D1727F417A407747E
Reporter: @abuse_ch
Tags: QNodeService qua zip


Twitter
@abuse_ch
Malspam distributing QNodeService:

HELO: WIN-XTLSOC29DG6
Sending IP: 103.138.108.193
From: Pieter van <marketing@gts-adriatic.rs>
Subject: Spec-0059
Attachment: Spec-0059.zip (contains "Spec-0059.jar")

QNodeService C2s:
https://rtdqhub.home-webserver.de
https://rtdqhub.redirectme.net

Intelligence


Mail intelligence:
Trap location: Italy (IT), Impact: Low
Trap location: Global, Impact: Low
# of uploads: 1
# of downloads: 26
Origin country: FR
ClamAV: No detection
CERT.PL MWDB: Detection: n/a
Link: https://mwdb.cert.pl/sample/789575f039cf4f7e3a720a79301ab9ad0105a54c190746810074b5a883b59785/
ReversingLabs: Status: Malicious
Threat name: ByteCode-JAVA.Trojan.Mmldojt
First seen: 2020-06-30 12:30:07 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
VirusTotal: Virustotal results 3.23%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
QNodeService
zip 789575f039cf4f7e3a720a79301ab9ad0105a54c190746810074b5a883b59785 (this sample)

Dropping: QNodeService
Delivery method: Distributed via e-mail attachment
