General

  • Target

    8458e0c8dedee593b99025ec99ad7fa692b3302e5e2aa243920dd434b732c2b8

  • Size

    75KB

  • Sample

    230228-ewtchahe33

  • MD5

    108b36a8250f1bb1d600d5d02106898c

  • SHA1

    6ca6566d0a6db3fae9a63d68e7fb7819a098d3d6

  • SHA256

    8458e0c8dedee593b99025ec99ad7fa692b3302e5e2aa243920dd434b732c2b8

  • SHA512

    8331edf61ed1d29c4eab2f283e8992e894863be5e327b35d4fe5d2a084e465b34c672f6c1a7e52ea12babce0f2328e7b56f68a51442375d3f3be1c56839225cb

  • SSDEEP

    1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJGrSLYc:OfJGLs6BwNxnfTKsG8Y

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

Ransom Note
ALL YOUR DATA IS ENCRYPTED by QUANTUM

What happened?
All your files are encrypted on all devices across the network
Huge volume of your data including financial, customer, partner and employees data was downloaded to our internal servers

What's next?
If you don't get in touch with us next 48 hours, we'll start publishing your data to the Data Leaks Portal / TOR Data Leaks Portal

How do I recover?
There is no way to decrypt your files manually unless we provide a special decryption tool
Please download TOR browser and CONTACT US for further instructions

Hours Minutes Seconds

Targets

    • Target

      8458e0c8dedee593b99025ec99ad7fa692b3302e5e2aa243920dd434b732c2b8

    Score
    10/10
    • Quantum Ransomware

      A rebrand of the MountLocker ransomware first seen in August 2021.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Drops desktop.ini file(s)
