General

  • Target

    85afbb88525daf50e9256d24a98bae57f78f7c6ca8e5724820a460a5e9bd12b7

  • Size

    75KB

  • Sample

    230228-esvfdshc5s

  • MD5

    41ba799c4931f0877d80a623ff9a3192

  • SHA1

    645ab2435541255106e0fbb8175a22bb7379836d

  • SHA256

    85afbb88525daf50e9256d24a98bae57f78f7c6ca8e5724820a460a5e9bd12b7

  • SHA512

    b2b55030993075280e6cea642569e8f11c0d835566a66dc397b5549abf7e389a6bf5f8123ebb9a32145867b8031e32a72a9e577f2854e157482c7312ad73102d

  • SSDEEP

    1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJGEeoSawY:OfJGLs6BwNxnfTKsGkSar

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

Ransom Note
ALL YOUR DATA IS ENCRYPTED by QUANTUM

What happened?
All your files are encrypted on all devices across the network. Huge volume of your data including financial, customer, partner and employees data was downloaded to our internal servers.

What's next?
If you don't get in touch with us next 48 hours, we'll start publishing your data to the Data Leaks Portal / TOR Data Leaks Portal.

How do I recover?
There is no way to decrypt your files manually unless we provide a special decryption tool. Please download TOR browser and CONTACT US for further instructions.

Hours Minutes Seconds

Targets

    • Quantum Ransomware

      A rebrand of the MountLocker ransomware first seen in August 2021.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    T1158 Hidden Files and Directories (1)

  • Defense Evasion

    T1112 Modify Registry (1)

    T1158 Hidden Files and Directories (1)

  • Discovery

    T1012 Query Registry (1)

    T1082 System Information Discovery (1)
