General

  • Target

    d9ccbf38c1234f851767aff6c5a3d69c66024088830612ccbd98fdee263865ad

  • Size

    75KB

  • Sample

    230301-vq136ahc27

  • MD5

    14803cb39cd81efd2a40a38a58dcba70

  • SHA1

    fe328839ea5f9a472ee47b68ca92c0d7eac2a47c

  • SHA256

    d9ccbf38c1234f851767aff6c5a3d69c66024088830612ccbd98fdee263865ad

  • SHA512

    fa4c9d6e80a47a2898b427108326642e551e9611238032d58be8f15498841509e4bf33b20504e93f508b451b55387d1f1053776c70cc11d0975f740beb395b7e

  • SSDEEP

    1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJGOi5Lc:OfJGLs6BwNxnfTKsGOu

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

Ransom Note
ALL YOUR DATA IS ENCRYPTED by QUANTUM

What happened?
All your files are encrypted on all devices across the network
Huge volume of your data including financial, customer, partner and employees data was downloaded to our internal servers

What's next?
If you don't get in touch with us next 48 hours, we'll start publishing your data to the Data Leaks Portal

How do I recover?
There is no way to decrypt your files manually unless we provide a special decryption tool
Please download TOR browser and CONTACT US for further instructions

Hours Minutes Seconds

Targets

    • Quantum Ransomware

      A rebrand of the MountLocker ransomware first seen in August 2021.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Drops desktop.ini file(s)
