General

  • Target

    8fe49892d510470e049d8c2e5523fa1841b20ccc89406fd91055950f90a5eede

  • Size

    75KB

  • Sample

    230301-rpcgmage43

  • MD5

    e6069bc78167d8da9639314064898331

  • SHA1

    1bb64d0a37b671c39fff479939bf4f8f0fe0f8d2

  • SHA256

    8fe49892d510470e049d8c2e5523fa1841b20ccc89406fd91055950f90a5eede

  • SHA512

    7fdb2e0f4e89ad1ba09c4b08888cb1244a947916759929a730794b5b944d757eaf6880ef6b3553be7d35da0b360ae3819e8792a0db8c9594d6b156224ca0e2f7

  • SSDEEP

    1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJGtGB9NK/A:OfJGLs6BwNxnfTKsGtG9K/

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

Ransom Note
ALL YOUR DATA IS ENCRYPTED by QUANTUM What happened? All your files are encrypted on all devices across the network Huge volume of your data including financial, customer, partner and employees data was downloaded to our internal servers What's next? If you don't get in touch with us next 48 hours, we'll start publishing your data to the Data Leaks Portal How do I recover? There is no way to decrypt your files manually unless we provide a special decryption tool Please download TOR browser and CONTACT US for further instructions Hours Minutes Seconds

Targets

    • Target

      8fe49892d510470e049d8c2e5523fa1841b20ccc89406fd91055950f90a5eede

    Score
    10/10
    • Quantum Ransomware

      A rebrand of the MountLocker ransomware first seen in August 2021.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Drops desktop.ini file(s)
