Rewterz Threat Alert – Quantum Ransomware – Active IOCs

Severity

High

Analysis Summary

Quantum Ransomware was first identified in August 2021. One of the initial access vectors used by the threat actors is the IcedID malware, which is followed by Cobalt Strike for remote access and ultimately leads to data theft and encryption with Quantum Locker. IcedID reached the target's PC through phishing emails carrying an ISO file attachment; packaging the loader inside an ISO archive helps it get past email security controls. Cobalt Strike was injected two hours after the infection began. The threat actors then used WMI and PsExec to deploy the Quantum ransomware payload and encrypt machines. The whole attack was completed in less than four hours, a notably fast timeline.
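The summary notes that the operators used WMI and PsExec to push the payload out and encrypt machines. The following is an added example, not Rewterz's code, showing what a defender could look for in host telemetry to catch that step: a PsExec-style service installation (Windows System log event 7045 with the PSEXESVC service name) and a process spawned under WmiPrvSE.exe (Sysmon process-creation event 1). The event records and their field names (channel, event_id, service_name, image_path, parent_image, host) are constructed for this example and are assumptions, not a vendor schema.

```python
# Added example (not Rewterz's code): flag the WMI/PsExec deployment step
# described in the alert summary, run over constructed sample events.
# Field names imitate Windows System log (EID 7045) and Sysmon (EID 1)
# records but are assumptions for this example, not a vendor schema.

PSEXEC_SERVICE = "PSEXESVC"  # default service name PsExec installs on the target


def is_psexec_service_install(ev):
    """System log 7045 (service installed) naming or pointing at PSEXESVC."""
    if ev.get("channel") != "System" or ev.get("event_id") != 7045:
        return False
    name = ev.get("service_name", "").upper()
    path = ev.get("image_path", "").upper()
    return PSEXEC_SERVICE in name or PSEXEC_SERVICE in path


def is_wmi_spawned_process(ev):
    """Sysmon EID 1 whose parent is WmiPrvSE.exe: process creation via WMI."""
    if ev.get("channel") != "Sysmon" or ev.get("event_id") != 1:
        return False
    parent = ev.get("parent_image", "").lower()
    return parent.endswith("\\wmiprvse.exe")


def flag_lateral_movement(events):
    """Return (host, reason) pairs for events matching either pattern."""
    hits = []
    for ev in events:
        if is_psexec_service_install(ev):
            hits.append((ev["host"], "psexec_service_install"))
        elif is_wmi_spawned_process(ev):
            hits.append((ev["host"], "wmi_spawned_process"))
    return hits


# Constructed sample events: one benign service install, one PsExec install,
# one WMI-spawned process, one ordinary process creation.
SAMPLE_EVENTS = [
    {"host": "WS-01", "channel": "System", "event_id": 7045,
     "service_name": "Example Update Service",
     "image_path": "C:\\Program Files\\Example\\updater.exe"},
    {"host": "WS-02", "channel": "System", "event_id": 7045,
     "service_name": "PSEXESVC",
     "image_path": "%SystemRoot%\\PSEXESVC.exe"},
    {"host": "WS-03", "channel": "Sysmon", "event_id": 1,
     "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"},
    {"host": "WS-04", "channel": "Sysmon", "event_id": 1,
     "image": "C:\\Windows\\System32\\notepad.exe",
     "parent_image": "C:\\Windows\\explorer.exe"},
]

if __name__ == "__main__":
    for host, reason in flag_lateral_movement(SAMPLE_EVENTS):
        print(f"{host}: {reason}")
```

Both patterns also fire on legitimate administration, so in practice they are scoped to hosts where PsExec and remote WMI are not expected and correlated with the other stages in the summary (an ISO attachment opened from a mail client, followed by Cobalt Strike activity).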

Impact

  • Unauthorized Access
  • Data Exfiltration
  • File Encryption

Indicators of Compromise

MD5

  • e051009b12b37c7ee16e810c135f1fef
  • 4a6ceabb2ce1b486398c254a5503b792
  • adf0907a6114c2b55349c08251efdf50
  • 49513b3b8809312d34bb09bd9ea3eb46
  • 350f82de99b8696fea6e189fcd4ca454

SHA-256

  • 5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b
  • 4a76a28498b7f391cdc2be73124b4225497232540247ca3662abd9ab2210be36
  • 3bb2f8c2d2d1c8da2a2051bd9621099689c5cd0a6b12aa8cb5739759e843e5e6
  • 6f6f71fa3a83da86d2aba79c92664d335acb9d581646fa6e30c35e76cf61cbb7
  • 84f016ece77ddd7d611ffc0cbb2ce24184aeee3a2fdbb9d44d0837bc533ba238
  • c140ae0ae0d71c2ebaf956c92595560e8883a99a3f347dfab2a886a8fb00d4d3

SHA-1

  • 415b27cd03d3d701a202924c26d25410ea0974d7
  • 08a1c43bd1c63bbea864133d2923755aa2f74440
  • aa25ae2f9dbe514169f4526ef4a61c1feeb1386a
  • 445294080bf3f58e9aaa3c9bcf1f346bc9b1eccb
  • deea45010006c8bde12a800d73475a5824ca2e6f

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
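The second remediation item, searching the environment for the listed hashes, is straightforward to script. The following is an added example, not Rewterz's tooling: it embeds the MD5, SHA-1 and SHA-256 indicators published above, hashes every file under a directory once with all three algorithms, and reports any file whose digest appears in the indicator set. The directory path and the benign sample bytes are assumptions for the example; the hash values are the alert's own.

```python
import hashlib
import os

# IOC values copied from the alert above (MD5, SHA-1, SHA-256).
QUANTUM_IOCS = {
    "md5": {
        "e051009b12b37c7ee16e810c135f1fef",
        "4a6ceabb2ce1b486398c254a5503b792",
        "adf0907a6114c2b55349c08251efdf50",
        "49513b3b8809312d34bb09bd9ea3eb46",
        "350f82de99b8696fea6e189fcd4ca454",
    },
    "sha1": {
        "415b27cd03d3d701a202924c26d25410ea0974d7",
        "08a1c43bd1c63bbea864133d2923755aa2f74440",
        "aa25ae2f9dbe514169f4526ef4a61c1feeb1386a",
        "445294080bf3f58e9aaa3c9bcf1f346bc9b1eccb",
        "deea45010006c8bde12a800d73475a5824ca2e6f",
    },
    "sha256": {
        "5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b",
        "4a76a28498b7f391cdc2be73124b4225497232540247ca3662abd9ab2210be36",
        "3bb2f8c2d2d1c8da2a2051bd9621099689c5cd0a6b12aa8cb5739759e843e5e6",
        "6f6f71fa3a83da86d2aba79c92664d335acb9d581646fa6e30c35e76cf61cbb7",
        "84f016ece77ddd7d611ffc0cbb2ce24184aeee3a2fdbb9d44d0837bc533ba238",
        "c140ae0ae0d71c2ebaf956c92595560e8883a99a3f347dfab2a886a8fb00d4d3",
    },
}


def _new_hashers():
    return {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}


def hash_bytes(data):
    """Digest an in-memory blob with all three algorithms (used for small inputs)."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_file(path, chunk_size=1 << 20):
    """Digest a file in chunks so large files are read once and not held in memory."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_hashes(hashes, iocs):
    """Return [(algo, digest)] for each algorithm whose digest is in the IOC set."""
    return [(algo, d) for algo, d in hashes.items() if d in iocs.get(algo, set())]


def scan_directory(root, iocs=QUANTUM_IOCS):
    """Walk `root` and return [(path, matches)] for files that hit any indicator."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_hashes(hash_file(path), iocs)
            except OSError:
                continue  # unreadable or vanished file; skip rather than abort the sweep
            if matched:
                findings.append((path, matched))
    return findings


if __name__ == "__main__":
    # Assumed scan root for the example; point it at download and temp locations
    # where an ISO attachment or dropped loader would land.
    for path, matched in scan_directory("/tmp"):
        print(path, matched)
```

Hash matching only catches the exact samples listed, so a clean sweep does not prove absence; pair it with the behavioural checks from the summary (ISO attachments, Cobalt Strike, WMI/PsExec activity) and feed the same hashes to endpoint and mail controls for blocking.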