MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d19e6201d033366ca89123177f5e53904f06f043dca06d162578920e064e34f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 2 File information 2 Yara Comments

SHA256 hash: d19e6201d033366ca89123177f5e53904f06f043dca06d162578920e064e34f2
SHA3-384 hash: f72688951080ed7c012987881f15c4230a65c40a47d85e60cc42103d9d6d2f0025326adbd113de2c22e4ec69f8d1b7fa
SHA1 hash: 17ecf45e01685a6eb6f664984774f0e393136962
MD5 hash: 072a7dde70bb530505d079fa0e58f5b3
humanhash: muppet-violet-yellow-freddie
File name:purchase_order_june2020.jar
Download: download sample
Signature QNodeService
File size:13'302 bytes
First seen:2020-06-30 13:48:51 UTC
Last seen:Never
File type:Java file jar
MIME type:application/java-archive
ssdeep 192:dNgWyojB7AR5x9TnR/YjDabTdqZF3n6iM41HyF7yOWrUzqlTEngDe71vI/bRJi+r:E/fDFMDaHdK3nDpHsJOUzjngCw/tIVi
TLSH 4F522AA43DA54925F8832131377D85179E1A0BCBBF19851BB7E0846219B09AF3733ACF
Reporter @abuse_ch
Tags:jar QNodeService qua


Twitter
@abuse_ch
Malspam distributing QNodeService:

From: "Ignat" <ignatp@tasknissan.co.za>
Subject: purchase
Attachment: purchase_order_june2020.jar

QNodeService C2:
https://nanatools.ddns.net

Intelligence


Mail intelligence
Trap location Impact
Global Low
CH Switzerland Low
IT Italy Low
# of uploads 1
# of downloads 35
Origin country US US
CAPE Sandbox Detection:n/a
Link: https://www.capesandbox.com/analysis/17252/
ClamAV No detection
CERT.PL MWDB Detection:n/a
Link: https://mwdb.cert.pl/sample/d19e6201d033366ca89123177f5e53904f06f043dca06d162578920e064e34f2/
ReversingLabs :Status:Benign
Threat name:No data
First seen:2020-06-30 13:50:07 UTC
AV detection:2 of 48 (4.17%)
Trust factor:
Spamhaus Hash Blocklist :Suspicious file
Hatching Triage Score:   1/10
Malware Family:n/a
Link: https://tria.ge/reports/200630-6tccqwyr4a/
Tags:n/a
VirusTotal:Virustotal results 5.00%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

QNodeService

Java file jar d19e6201d033366ca89123177f5e53904f06f043dca06d162578920e064e34f2

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments