General
Target: QUANTUMBUILDER.7z
Size: 7.6MB
Sample: 240608-p4rhzscf95
MD5: 7df51d52383286a3aea91c611f28ea21
SHA1: b85bbe7732f5f541a035552713b63d714d74002d
SHA256: 14fd87baefddee9626eb957848f13b77b0eeede39fb682b5b979eeea81f5d0c8
SHA512: 600a2b1dfd30d8c449825389a88a3fc9302d16146f75da00ee3d203b72735f254907534a014f1b9e15a96552bbf242c98f3a304863b86ea9f351b6d110309148
SSDEEP: 196608:Mc76ggGPY7NDlmH8IMV8f7JEvaspO55Gz4UHBKnsjQisxy:/OASDMc8fmyt55teKFZg
Behavioral tasks
behavioral1: QUANTUMBUILDER/QuantumBuilder.exe (resource: win7-20240221-en)
behavioral2: QUANTUMBUILDER/QuantumBuilder.exe (resource: win10v2004-20240426-en)
behavioral3: QUANTUMBUILDER/img/img/index.html (resource: win7-20240508-en)
behavioral4: QUANTUMBUILDER/img/img/index.html (resource: win10v2004-20240508-en)
behavioral5: QUANTUMBUILDER/img/index.html (resource: win7-20240220-en)
behavioral6: QUANTUMBUILDER/img/index.html (resource: win10v2004-20240426-en)
Malware Config
Extracted
https://rentry.org/FUCKOFFNIGGA/raw
Extracted
https://bitbucket.org/gedegrereghh/fuckyougithub/raw/37140025d15f5d49ec2bd023f7557f06268d7c49/pancake-unpacked.rar
Targets

Target: QUANTUMBUILDER/QuantumBuilder.exe
Size: 7KB
MD5: 960d70161f0ac1ddd8093955446bdcbc
SHA1: 5943c81939f9b43228e2fe2f65e90c54660ae47f
SHA256: 31e6573e37d06a71b3025c0e9ed4901093ed5262bc60bbbdf7ce1ed28ebb021a
SHA512: 8f3f6091fb3d09d4cdb0f9540bbbc2de0562dd5bb77c8446db49f274be7b173cbc0aa24206e25838cc6b6c6578440c0ecfd1a17acc94c50ebd014cbe16617c14
SSDEEP: 192:+9yqvjp73xsznGjcJr9emxan6mUqlwc6nYZKvkV/9dXq:+9Jv1dOnGjcJrQmxan6m/ec6nYZSkV/2
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
Target: QUANTUMBUILDER/img/img/index.html
Size: 118B
MD5: 8ddffaa30cd272bc227aa4512178333d
SHA1: 4ad402f07ab5ce9de7bcd0783ffe865e29c82159
SHA256: d377e770b95cc5dfa75da9c7a5cf77a3af68cd2dc59df39bdc911607067a2b87
SHA512: 071f19219033b068f35de6ace69e5fbfd2ac219b7ded08ea11e4433431ec036dc6cb4f0068782f0226bb4554afc5bbb4d7db179e6a1e32531df4e8c49d85f279
Score: 1/10
Target: QUANTUMBUILDER/img/index.html
Size: 101B
MD5: 9673750fbe393bb5ff81433b566a1919
SHA1: 15de2d8eec753e0219922b437fcd89e335d28e2a
SHA256: 5ed8096042789c866ded5da853200c75b471dabe6d522a68df1a8f831969e930
SHA512: 14f07cf27b8fd93f857880c650d5d0fd607b158dadbf0b06899364448caf149eb92b22ef3a3717f5b401a6b1cffbe9be43bfdf784d359279c36d947add626672
Score: 1/10