General

  • Target

    4d118d83c3192a771479d6e392d62a109aea4ca8dce81a0c6c0fe50329b15147

  • Size

    75KB

  • Sample

    230228-egpe1ahd72

  • MD5

    0c2798b083fbf6a6e175cc68512d1dcf

  • SHA1

    5e74f28cbc8387bad3a6745f532c3f283d4af9d2

  • SHA256

    4d118d83c3192a771479d6e392d62a109aea4ca8dce81a0c6c0fe50329b15147

  • SHA512

    415411f85e4facaad08896d7363918834e6abccf7c2661f0f02cdb4bbcf22693353f17831a36aeddf40ba0d93e997981b4f4b7986eea90cd35ed25d6a7febe5e

  • SSDEEP

    1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJG+prBF:OfJGLs6BwNxnfTKsG+prB

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

Ransom Note
ALL YOUR DATA IS ENCRYPTED by QUANTUM
What happened?
All your files are encrypted on all devices across the network
Huge volume of your data including financial, customer, partner and employees data was downloaded to our internal servers
What's next?
If you don't get in touch with us next 48 hours, we'll start publishing your data to the Data Leaks Portal / TOR Data Leaks Portal
How do I recover?
There is no way to decrypt your files manually unless we provide a special decryption tool
Please download TOR browser and CONTACT US for further instructions
Hours Minutes Seconds

Targets

    • Quantum Ransomware

      A rebrand of the MountLocker ransomware first seen in August 2021.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Hidden Files and Directories: T1158 (1)

  • Defense Evasion

    Modify Registry: T1112 (1)

    Hidden Files and Directories: T1158 (1)

  • Discovery

    Query Registry: T1012 (1)

    System Information Discovery: T1082 (1)
