Quantum Software: LNK File-Based Builders Growing In Popularity

2022-06-22 Cyble

https://blog.cyble.com/2022/06/22/quantum-software-lnk-file-based-builders-growing-in-popularity/

Thumbnail for Quantum Software: LNK File-Based Builders Growing In Popularity

Cyble analyzed Quantum Software, also called Quantum Builder, a criminal LNK, HTA, and ISO builder advertised with extension spoofing, icon customization, payload URLs, DLL support, UAC-bypass options, and claimed DogWalk exploitation. The observed LNK sample executed obfuscated PowerShell that launched mshta against quantum-software[.]online to retrieve an HTA payload, illustrating abuse of LOLBins for phishing delivery and defense evasion. Cyble noted a possible Lazarus connection because recent Lazarus LNK delivery samples used a similar deobfuscation loop and variable initialization, but the report presents this as a tentative association rather than confirmed attribution.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 924be824edb54f917d52e43a551c0eb… 2022-06-22 2022-06-22
HASH 04e8a5c6e5797b0f436ca36452170a2f 2022-06-22 2022-06-22
HASH b9899082824f1273e53cbf1d455f360… 2022-06-22 2022-06-22
HASH 2f6c1def83936139425edfd611a5a1f… 2022-06-22 2022-06-22
HASH dfdde88da020e584038d2656d0e3d48… 2022-06-22 2022-06-22
URL https://quantum-software.online… 2022-06-22 2022-06-22
DOMAIN quantum-software.online 2022-06-22 2022-06-22
HASH 52b0b06ab4cf6c6b1a13d8eec2705e3b 2022-06-02 2022-06-22

Related Reports

2019-08-26 • 33% Match
#Kimsuky #G0094 #T1082 #T1140 #T1005 #T1041 #T1555 #T1560 #T1112 #T1083 #T1036 #T1027 #T1567 #T1071 #T1204 #T1552 #T1057 #T1053 #T1566 #T1102 #T1059 #T1003 #T1105 #T1219 #T1055 #T1543 #T1078 #T1133 #T1218 #T1190 #T1588 #T1114 #T1098 #T1593 #T1589 #T1016 #T1587 #T1111 #T1591 #T1585 #T1598 #T1583 #T1594 #T1557 #T1547 #T1562 #T1608 #T1546 #T1070 #T1074 #T1056 #T1586 #T1176 #T1553 #T1012 #T1534 #T1007 #T1518 #T1021 #T1040 #T1564 #T1584 #T1136 #T1505 #T1550
Shares tags: T1140, T1204, T1566
2017-05-31 • 33% Match
#G0032 #T1082 #T1090 #T1140 #T1005 #T1041 #T1560 #T1046 #T1083 #T1497 #T1036 #T1027 #T1567 #T1071 #T1124 #T1204 #T1057 #T1053 #T1566 #T1102 #T1059 #T1001 #T1105 #T1055 #T1620 #T1543 #T1489 #T1078 #T1008 #T1571 #T1218 #T1220 #T1588 #T1203 #T1189 #T1049 #T1574 #T1098 #T1087 #T1593 #T1589 #T1016 #T1587 #T1591 #T1585 #T1583 #T1557 #T1547 #T1614 #T1106 #T1573 #T1048 #T1562 #T1608 #T1070 #T1047 #T1074 #T1134 #T1056 #T1529 #T1010 #T1553 #T1033 #T1485 #T1012 #T1110 #T1534 #T1104 #T1202 #T1221 #T1132 #T1021 #T1561 #T1564 #T1584 #T0865 #T1542 #T1491
Shares tags: T1140, T1204, T1566
2022-04-29 • 30% Match
#Trend #BlackBanshee #BlackAlicanto #T1082 #T1059.003 #T1090 #T1005 #T1070.004 #T1041 #T1113 #T1555 #T1560 #T1071.001 #T1112 #T1083 #T1204.001 #T1036 #T1027 #T1204.002 #T1071 #T1124 #T1204 #T1057 #T1059.005 #T1566.001 #T1547.001 #T1053.005 #T1132.001 #T1566 #T1059 #T1003 #T1105 #T1620 #T1486 #T1135 #T1078 #T1548 #T1190 #T1592 #T1049 #T1087 #T1589 #T1074.001 #T1591 #T1547 #T1068 #T1573 #T1095 #T1048 #T1608 #T1070 #T1056 #T1036.007 #T1614.001 #T1033 #T1110 #T1221 #T1132 #T1570 #T1021 #T1615 #T1482 #T1210 #T1069 #T1595 #T1039 #T1016.001
Shares tags: T1204, T1566, T1059
« Back