General

  • Target

    Quantis V1.5.zip

  • Size

    26.5MB

  • MD5

    e9d0042db65238cc4eec4e43ce4730ef

  • SHA1

    cc65b0afeefac5c6853a9949c7c63deaf7a21081

  • SHA256

    6310587b2cc186e0ad7b38e89843b3cf32af112a07e974868d2ec7e36fb39f10

  • SHA512

    0c69b96020b79441f0f62d1fedf7836b55f3ab625c473b563a84877eb6552f4fead37cb6314dc9f02bc9f101e147eb821740e88f2500b2e2c271018e9f96f41d

  • SSDEEP

    786432:cNEkZPsHDEpDmvOncFjFlD7iOMGSRIqrYK:cNHBs8DmYQBiBQK

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

ydvXWMer35mRfdLm

Attributes
  • Install_directory

    %AppData%

  • install_file

    taskhostw.exe

  • pastebin_url

    https://pastebin.com/raw/BE52BVvz

  • aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Embeds OpenSSL 1 IoCs

    Embeds OpenSSL, may be used to circumvent TLS interception.

  • Unsigned PE 7 IoCs

    Checks for missing Authenticode signature.

Files

  • Quantis V1.5.zip
    .zip
  • Quantis V1.4/Microsoft.Web.WebView2.Core.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • Quantis V1.4/Microsoft.Web.WebView2.WinForms.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • Quantis V1.4/Microsoft.Web.WebView2.Wpf.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • Quantis V1.4/Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

  • Quantis V1.4/Quantis.dll
    .dll windows:6 windows x64 arch:x64

    a223f56e7902e83acaa81d4183486990

  • Quantis V1.4/Quantis.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • Quantis V1.4/QuantisUI.deps.json
  • Quantis V1.4/QuantisUI.dll
    .exe windows:4 windows x64 arch:x64

  • Quantis V1.4/QuantisUI.runtimeconfig.json
  • Quantis V1.4/bin/Monaco/index.html
    .html .js polyglot
  • Quantis V1.4/bin/Monaco/vs/base/worker/workerMain.js
    .js
  • Quantis V1.4/bin/Monaco/vs/basic-languages/lua/lua.js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.css
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.js
    .js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.nls.de.js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.nls.es.js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.nls.fr.js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.nls.it.js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.nls.ja.js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.nls.js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.nls.ko.js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.nls.ru.js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.nls.zh-cn.js
  • Quantis V1.4/bin/Monaco/vs/editor/editor.main.nls.zh-tw.js
  • Quantis V1.4/bin/Monaco/vs/loader.js
    .js
  • Quantis V1.4/bin/editor.lua
  • Quantis V1.4/key.txt
  • Quantis V1.4/libcrypto-3-x64.dll
    .dll windows:6 windows x64 arch:x64

    680b5c239d82da8e527bf24b921948fd

  • Quantis V1.4/libssl-3-x64.dll
    .dll windows:6 windows x64 arch:x64

    b14ebe784f458189a17382fee793f658

  • Quantis V1.4/runtimes/win-arm64/native/WebView2Loader.dll
  • Quantis V1.4/runtimes/win-x64/native/WebView2Loader.dll
    .dll windows:10 windows x64 arch:x64

    f6946d311bccc86e2042a388e375de41

  • Quantis V1.4/runtimes/win-x86/native/WebView2Loader.dll
    .dll windows:10 windows x86 arch:x86

    72229ff546c74d09d9030ca49ce61b31

  • Quantis V1.4/xxhash.dll
    .dll windows:6 windows x64 arch:x64

    fba6b233846a2ea5e6907e23b2de9a26

  • Quantis V1.4/zstd.dll
    .dll windows:6 windows x64 arch:x64

    f32e8587cacdf9095c309b87f2877ebb