MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd1f4d87d73b27b29a680c1cf02ac909c6f879a31ff60c0177e9f8408b252ccd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QNodeService


Vendor detections: 5



SHA256 hash: bd1f4d87d73b27b29a680c1cf02ac909c6f879a31ff60c0177e9f8408b252ccd
SHA3-384 hash: 029706753711a57edd3f1d664b9abd3a9a4502abcad66ebb2daae7a88851ab91226b9ab1f768c2f7af4d414b23b93c6e
SHA1 hash: 6e13e8bbd0f069f84473c47498cb65192f6c2a03
MD5 hash: 0920018e810c134749e5aac1e1776a61
humanhash: bakerloo-wisconsin-ack-jersey
File name: SKM_C258201001130020005057.7z
Signature: QNodeService
File size: 780'656 bytes
First seen: 2020-12-21 07:23:46 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 12288:bJsP8e7o+LN8cNeiTADWu06FI1euwDhGXUDqH54MTvFPPe0aN043XXB+lU3OD5f4:9pesmN8arTAaufI1eV93q54MTvFPW0aH
TLSH: DCF423C8292E4A0DC9D9C55CFA2340D2D70A087DE592FBD98748D58DFC38E81AA7F9D0
Reporter: abuse_ch
Tags: 7z, QNodeService, RAT


abuse_ch
Malspam distributing QNodeService:

HELO: s1008.xrea.com
Sending IP: 150.95.9.228
From: Elaine Wu <Elaine@hasbc.com>
Subject: FWD: Reconfirm Swift Code
Attachment: SKM_C258201001130020005057.7z (contains "SKM_C258201001130020005057.exe")

QNodeService C2:
https://severdops.ddns.net:6204

Intelligence


File Origin
# of uploads: 1
# of downloads: 153
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Woreflint
Status: Malicious
First seen: 2020-12-21 07:13:19 UTC
AV detection: 11 of 29 (37.93%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

QNodeService

7z bd1f4d87d73b27b29a680c1cf02ac909c6f879a31ff60c0177e9f8408b252ccd (this sample)

Dropping: QNodeService
Delivery method: Distributed via e-mail attachment
