- First seen: July 2021
- Aliases: Quantum Locker
- Samples:
  - 91e66f0edfa5f0277e127b599517b497cf0204b181f32ce1aab8f9faa749ec40 | windows | ransom | pe
  - 8458e0c8dedee593b99025ec99ad7fa692b3302e5e2aa243920dd434b732c2b8 | windows | ransom | pe
Property | Value |
---|---|
Size | 287232 bytes |
CRC32 | 0xc17e73ec |
MD5 | 07ab0e48a422308845f035b12abf7104 |
SHA1 | b231e65fa596852f951024a0dde394cf20e0f153 |
SHA256 | 91e66f0edfa5f0277e127b599517b497cf0204b181f32ce1aab8f9faa749ec40 |
SHA512 | 0d5b8231d244fd035365aa32fdc2d76fd57016a3243e875035f6563d72992dbf464f5d5e336bbf561bfccc70732e6517736a2aec13bd42bdd2c9ae2df998ad7e |
Ssdeep | 6144:He3Ic88TvqMZNMlnibi9jLv9P9kO6ChLv9P9kO6Cn:X4wntLl2+Ll2E |
Magic | PE32+ executable (GUI) x86-64, for MS Windows |
Packer | PE+(64): compiler: Microsoft Visual C/C++(2010)[-] PE+(64): linker: Microsoft Linker(10.0)[EXE64] |
TrID | 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1) |
- Avast: Win64:Evo-gen [Trj]
- Avira: TR/Redcap.xqmxi
- Bitdefender: Gen:Variant.Lazy.179167
+ Clamav: clean
- Comodo: Malware
- Drweb: Trojan.Encoder.35281
- Eset: Win32/Kryptik.HPNX
- Fsecure: Trojan.TR/Redcap.xqmxi
- Kaspersky: Trojan-Ransom.Win32.MountLocker.x
- Mcafee: RDN/Ransom
+ Sophos: clean
+ Symantec: clean
- Trendmicro: TROJ_FRS.0NA103EA22
- Windefender: Ransom:Win64/QuantumLocker.AA!MTB
Property | Value |
---|---|
Size | 76800 bytes |
CRC32 | 0xfa4e71be |
MD5 | 108b36a8250f1bb1d600d5d02106898c |
SHA1 | 6ca6566d0a6db3fae9a63d68e7fb7819a098d3d6 |
SHA256 | 8458e0c8dedee593b99025ec99ad7fa692b3302e5e2aa243920dd434b732c2b8 |
SHA512 | 8331edf61ed1d29c4eab2f283e8992e894863be5e327b35d4fe5d2a084e465b34c672f6c1a7e52ea12babce0f2328e7b56f68a51442375d3f3be1c56839225cb |
Ssdeep | 1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJGrSLYc:OfJGLs6BwNxnfTKsG8Y |
Magic | PE32+ executable (GUI) x86-64, for MS Windows |
Packer | PE+(64): linker: Microsoft Linker(14.28**)[EXE64] |
TrID | 59.8% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 18.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.3% (.EXE) OS/2 Executable (generic) (2029/13) 7.2% (.EXE) Generic Win/DOS Executable (2002/3) 7.2% (.EXE) DOS Executable Generic (2000/1) |
- Avast: Win64:RansomX-gen [Ransom]
+ Avira: clean
- Bitdefender: Gen:Variant.Lazy.170807
+ Clamav: clean
+ Comodo: clean
- Drweb: Trojan.Encoder.35731
- Eset: Win64/Filecoder.MountLocker.E
- Fsecure: Heuristic.HEUR/AGEN.1250484
- Kaspersky: Trojan-Ransom.Win32.MountLocker.ao
+ Mcafee: clean
+ Sophos: clean
+ Symantec: clean
- Trendmicro: Ransom.Win64.QUANTUMLOCKER.SMYXCCJ
- Windefender: Ransom:Win64/QuantumLocker.AA!MTB
- https://www.avertium.com/resources/threat-reports/an-in-depth-look-at-quantum-ransomware
- https://thedfirreport.com/2022/04/25/quantum-ransomware/
- https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware
- https://securityscorecard.pathfactory.com/research/quantum-ransomware
- https://darktrace.com/blog/when-speedy-attacks-arent-enough-prolonging-quantum-ransomware