MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9ab7ef84ff8d0d6b35290ec1f0ce734f47c6b6ca46707c76356cab766a0f873. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: c9ab7ef84ff8d0d6b35290ec1f0ce734f47c6b6ca46707c76356cab766a0f873
SHA3-384 hash: c8e98d1caa0417684e51a1112757b6a559a5c32ab8c05d55f28aacb2a8e13f444948368dc98f680d4bbdd3c4c5a9967d
SHA1 hash: b1ebdc48f35043807668633c12fb43890ad8f08c
MD5 hash: 0006baec6fa6ca7b492c84797dc0f0d0
humanhash: golf-high-mirror-angel
File name: Spec-0059.jar
Signature: QNodeService
File size: 12'689 bytes
First seen: 2020-06-30 12:28:08 UTC
Last seen: Never
File type: Java file jar
MIME type: application/java-archive
ssdeep: 192:FKTEmh5bNmDt9uuhBPCuMxQMTqDcaTxgH24SB+H57Dve6ep1OqZQ6bAlS:FEEmh5YnRH6uMxQmq4gk24SB2l8plbd
TLSH: 124208FE7D62C63AE587257133E9E2121E0B43CCBA09850B9DF494B51894D6A07329EF
Reporter: @abuse_ch
Tags: jar QNodeService qua


Twitter
@abuse_ch
Malspam distributing QNodeService:

HELO: WIN-XTLSOC29DG6
Sending IP: 103.138.108.193
From: Pieter van <marketing@gts-adriatic.rs>
Subject: Spec-0059
Attachment: Spec-0059.zip (contains "Spec-0059.jar")

QNodeService C2s:
https://rtdqhub.home-webserver.de
https://rtdqhub.redirectme.net

Intelligence


Mail intelligence
  Trap location: IT Italy, Impact: Low
  Trap location: Global, Impact: Low
# of uploads: 1
# of downloads: 24
Origin country: FR

CAPE Sandbox
  Detection: n/a
  Link: https://www.capesandbox.com/analysis/17140/
ClamAV: No detection
CERT.PL MWDB
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/c9ab7ef84ff8d0d6b35290ec1f0ce734f47c6b6ca46707c76356cab766a0f873/
ReversingLabs
  Status: Malicious
  Threat name: ByteCode-JAVA.Trojan.Mmldojt
  First seen: 2020-06-30 12:30:07 UTC
  AV detection: 8 of 48 (16.67%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage
  Score: 1/10
  Malware Family: n/a
  Link: https://tria.ge/reports/200630-ha4p51z6k6/
  Tags: n/a
VirusTotal: Virustotal results 4.92%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
QNodeService
Java file jar c9ab7ef84ff8d0d6b35290ec1f0ce734f47c6b6ca46707c76356cab766a0f873 (this sample)

Delivery method: Distributed via e-mail attachment
