MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc850eff405c60ca3073e736fcd65482b67f41ab197526485789957ae5a06c23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: fc850eff405c60ca3073e736fcd65482b67f41ab197526485789957ae5a06c23
SHA3-384 hash: c0feb8663b074438bcb2d5276e419361b3cbd254526cbbc54b5e2f3db54eacf8b4e49def551240329c8da3c5a16ff84e
SHA1 hash: cc1a61f0196dc922ef1fe50ba529ab20369d8043
MD5 hash: cca082e8a7c4da3e81a0b203732e4f7f
humanhash: emma-jupiter-carolina-eight
File name: order list.jar
Signature: QNodeService
File size: 12'194 bytes
First seen: 2020-06-30 12:07:01 UTC
Last seen: Never
File type: Java file jar
MIME type: application/java-archive
ssdeep: 192:f0PQo7TxdzwgcAL/QgLN1PUwGPWAxKPwRK/w4y5hEykGzVQm08M3eMEyBFqJDVpj:f0YuVdzwm/nLNx2x6wSEh1RE8MuMroX
TLSH: 3342FA753ED5CA65F5C3387133A99212B25E83C8BB8B4107A5B054AE89E1C1F0B36BD7
Reporter: @abuse_ch
Tags: jar QNodeService qua


Twitter
@abuse_ch
Malspam distributing QNodeService:

HELO: WIN-ITNPG1C39IF
Sending IP: 185.222.57.214
From: Sales1<d_seanbrian@live.com>
Subject: Re: Inquiry order template
Attachment: order list.jar

QNodeService C2:
https://bbaba2020.duckdns.org

Intelligence


Mail intelligence
  Trap location: Global
  Impact: Low
# of uploads: 1
# of downloads: 31
Origin country: US
CAPE Sandbox
  Detection: n/a
  Link: https://www.capesandbox.com/analysis/17104/
ClamAV: SecuriteInfo.com.UDS.DangerousObject.Multi.Generic.10072.UNOFFICIAL
CERT.PL MWDB
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/fc850eff405c60ca3073e736fcd65482b67f41ab197526485789957ae5a06c23/
ReversingLabs
  Status: Malicious
  Threat name: ByteCode-JAVA.Trojan.Ndxodmr
  First seen: 2020-06-30 12:08:06 UTC
  AV detection: 9 of 31 (29.03%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage
  Score: 1/10
  Malware Family: n/a
  Link: https://tria.ge/reports/200630-39neazl3j6/
  Tags: n/a
VirusTotal: Virustotal results 3.23%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

QNodeService

Java file jar fc850eff405c60ca3073e736fcd65482b67f41ab197526485789957ae5a06c23 (this sample)

Delivery method: Distributed via e-mail attachment

Comments