Resubmissions

02-07-2024 05:14    240702-fw9j6a1fjl    10
02-07-2024 05:06    240702-frtm5sxcnc    10

General

  • Target: quanta v1.02.zip
  • Size: 93.0MB
  • Sample: 240702-fw9j6a1fjl
  • MD5: df001e327d8d3d440ff4010ae8c467b0
  • SHA1: 2fd0c43e3b84a8c40067963106c4b424cc3a184d
  • SHA256: 5455df597e310a217efb2db99d44959593779e79f24534641c1eec7071305beb
  • SHA512: dc78766357137f9b99a01a9017278c8cbb02088c6ce21f3d83c86d799971a98ef972e64e452658f2b2fc0b8c581bf8f2f37963eaff4418c35b8aeb415d5607b8
  • SSDEEP: 1572864:/ow/YoU1JmCZptNusQx/xcSCgh8PxkZ5r0Xp+VfZGhfXihCLfiW4lwhIKb3vwBwW:/LYoU1NZptNuPzcSf+p2AcVs1yhC1IKm

Malware Config

Targets

    • Target: quanta v1.02/quanta.exe
    • Size: 84.3MB
    • MD5: dbedb253f30e73da91a330da5eb50e53
    • SHA1: 193886c798f19633a32e9d2053e60b3ef36257ac
    • SHA256: c23664ce2d67476fd500b256a5c6f73673db14a17efbb82580ad4ca561c5dd7f
    • SHA512: 013898e19c3d318a2b9c5ec11680688b6f876bf8815756a9498d2a3787af4cac57684ea230d365b63304ad2d66d07d785c5b2d3b07ed1a36462f210e41e7fb38
    • SSDEEP: 1572864:zvNBYQgl8NSk8IpG7V+VPhqptgWUZtgWbblgAuPRQvljSvOul/JGZGHkVoWGLtSM:zvNBYxmSkB05awYWUIWPeAu2wOuNzZa

    • Enumerates VirtualBox DLL files
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
    • Sets file to hidden
      Modifies file attributes so the file is not shown in Explorer and similar file browsers.
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX or a modified build of the UPX open-source packer.
    • Adds Run key to start application

    • Target: discord_token_grabber.pyc
    • Size: 17KB
    • MD5: db40ce247b464d3ac0d15080f22ce442
    • SHA1: eb10f081e16c9566f1b487d39eda3fb8fa4b0de5
    • SHA256: 74475975b9fc2e15a1432b8e4930b6a8a25dd63511bbc2628ae81483dd569046
    • SHA512: c614c93d3ad758bfe1155864328626b98900e95e06c504641f0286ee40e4e0e24eb4d83b06af576e7799d517aae8404f5c9acdc64315c594319c29e13a77b81e
    • SSDEEP: 384:cGllyAavwW9FaOx817PPQviowoYbCj+MoGWTd0Da8:cIlytvN9oOx8JnQ6owoYOyMImDa8

    Score: 3/10

    • Target: get_cookies.pyc
    • Size: 10KB
    • MD5: ddc40a1cee51500039f5c98ef7b1d3c9
    • SHA1: 1e65cf0d7acb74e429844d2ee5b2d39369d17750
    • SHA256: 1201adef44d0ba8be86b7d4aa4e8f69f1f8f800522fa574291974a3b40250436
    • SHA512: c9a89f5fe6ef87d7d8ce63a59f87fd5684d91e5dccfda644d84a40d5316b85b9930e90f096f13e811f646da724bc267ac853c15e451a6888083d5ab0572f27db
    • SSDEEP: 192:TzOCIeivQfUFPLqwOEVOFc1mNe47+S5zEzzzzz1zz+HoowAE:TzOUi4aFEe4KSPIAE

    Score: 3/10

    • Target: passwords_grabber.pyc
    • Size: 8KB
    • MD5: 1ca5633be35a5db415bc83be9852bf0e
    • SHA1: 710a4da76579449bb0b45eecedd42aea82ba6b35
    • SHA256: 07a93aa41dbdcd8962b2ad1fcbd7c1bf661130c1cf050a5a4ef6821d30893099
    • SHA512: 9ac14821d21d9c7345b6cf51d9e1c31f908590fadca061ed4f5c50ea7cd28c92b169aa7985873876989e7108946090695a4c782d8251f5061d27cea7c2f35ccb
    • SSDEEP: 192:+CE34EAL/GFf/PoXdLO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfsFO8NsxuOxNn

    Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                                  ID          Count
Execution             Command and Scripting Interpreter          T1059       1
                        PowerShell                               T1059.001   1
Persistence           Boot or Logon Autostart Execution          T1547       1
                        Registry Run Keys / Startup Folder       T1547.001   1
Privilege Escalation  Boot or Logon Autostart Execution          T1547       1
                        Registry Run Keys / Startup Folder       T1547.001   1
Defense Evasion       Virtualization/Sandbox Evasion             T1497       1
                      Hide Artifacts                             T1564       2
                        Hidden Files and Directories             T1564.001   2
                      Modify Registry                            T1112       1
Discovery             File and Directory Discovery               T1083       1
                      Virtualization/Sandbox Evasion             T1497       1
                      Query Registry                             T1012       1
                      Peripheral Device Discovery                T1120       1
                      System Information Discovery               T1082       4

Tasks