General

  • Target

    76c75318d96c33c268f5e3454b1d220761c3a62a94775fee7e6df6423dd7e8d0

  • Size

    64KB

  • Sample

    230228-ezwa9shc6x

  • MD5

    b0b3acefd8c8ae6f30daf7610cacb78a

  • SHA1

    8b713f8940c1a275eaf8399e6e44967925e46863

  • SHA256

    76c75318d96c33c268f5e3454b1d220761c3a62a94775fee7e6df6423dd7e8d0

  • SHA512

    37cb13a9ff501583f6948d6f427f451ba6d6d7db4067d13146fe75cc4483ce8a5e104c161da3995f88026bc8801ed3750a875222484d8a41895755dcf94e1f0d

  • SSDEEP

    768:GnJ9uwtbJD/QpEdTrArzVpCK1w22TYgNvCJ037FLxZKQJRNz0TqXUNxlEfZf3u0L:G+wr1AB0AwB57F9npz0Ta5fRu0L

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

Ransom Note
ALL YOUR DATA IS ENCRYPTED by QUANTUM

What happened?
All your files are encrypted on all devices across the network
Huge volume of your data including financial, customer, partner and employees data was downloaded to our internal servers

What's next?
If you don't get in touch with us next 48 hours, we'll start publishing your data to the Data Leaks Portal / TOR Data Leaks Portal

How do I recover?
There is no way to decrypt your files manually unless we provide a special decryption tool
Please download TOR browser and CONTACT US for further instructions

Hours Minutes Seconds

Targets

    • Target

      76c75318d96c33c268f5e3454b1d220761c3a62a94775fee7e6df6423dd7e8d0

    Score
    10/10
    • Quantum Ransomware

      A rebrand of the MountLocker ransomware first seen in August 2021.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Drops desktop.ini file(s)
