Overview
overview
10Static
static
10quanta v1....ta.exe
windows7-x64
7quanta v1....ta.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3General
-
Target
quanta v1.02.zip
-
Size
93.0MB
-
Sample
240702-fw9j6a1fjl
-
MD5
df001e327d8d3d440ff4010ae8c467b0
-
SHA1
2fd0c43e3b84a8c40067963106c4b424cc3a184d
-
SHA256
5455df597e310a217efb2db99d44959593779e79f24534641c1eec7071305beb
-
SHA512
dc78766357137f9b99a01a9017278c8cbb02088c6ce21f3d83c86d799971a98ef972e64e452658f2b2fc0b8c581bf8f2f37963eaff4418c35b8aeb415d5607b8
-
SSDEEP
1572864:/ow/YoU1JmCZptNusQx/xcSCgh8PxkZ5r0Xp+VfZGhfXihCLfiW4lwhIKb3vwBwW:/LYoU1NZptNuPzcSf+p2AcVs1yhC1IKm
Behavioral task
behavioral1
Sample
quanta v1.02/quanta.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
quanta v1.02/quanta.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
passwords_grabber.pyc
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
passwords_grabber.pyc
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
quanta v1.02/quanta.exe
-
Size
84.3MB
-
MD5
dbedb253f30e73da91a330da5eb50e53
-
SHA1
193886c798f19633a32e9d2053e60b3ef36257ac
-
SHA256
c23664ce2d67476fd500b256a5c6f73673db14a17efbb82580ad4ca561c5dd7f
-
SHA512
013898e19c3d318a2b9c5ec11680688b6f876bf8815756a9498d2a3787af4cac57684ea230d365b63304ad2d66d07d785c5b2d3b07ed1a36462f210e41e7fb38
-
SSDEEP
1572864:zvNBYQgl8NSk8IpG7V+VPhqptgWUZtgWbblgAuPRQvljSvOul/JGZGHkVoWGLtSM:zvNBYxmSkB05awYWUIWPeAu2wOuNzZa
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
discord_token_grabber.pyc
-
Size
17KB
-
MD5
db40ce247b464d3ac0d15080f22ce442
-
SHA1
eb10f081e16c9566f1b487d39eda3fb8fa4b0de5
-
SHA256
74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046
-
SHA512
c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e
-
SSDEEP
384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
10KB
-
MD5
ddc40a1cee51500039f5c98ef7b1d3c9
-
SHA1
1e65cf0d7acb74e429844d2ee5b2d39369d17750
-
SHA256
1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436
-
SHA512
c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db
-
SSDEEP
192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
8KB
-
MD5
1ca5633be35a5db415bc83be9852bf0e
-
SHA1
710a4da76579449bb0b45eecedd42aea82ba6b35
-
SHA256
07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099
-
SHA512
9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb
-
SSDEEP
192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn
Score3/10 -
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Virtualization/Sandbox Evasion
1Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1