


Recently a brand new Trojan called Quant Loader came onto the market and has been spotted on multiple Russian underground marketplaces. It has been seen being distributed alongside Locky Zepto crypto-ransomware and Pony malware. It is considered to be a very rudimentary Trojan downloader, created by a Russian cyber-criminal group called "C++ GURU", also known as CPPGuru. Forcepoint was able to confirm this relationship by discovering that Quant Loader's seller, "MrRaiX" (also "DamRaiX"), is in fact a member of the same group. The control panel login page for Quant Loader (Figure 2) confirms this. Even though the Trojan is new to the market, it has already been seen used as part of an email campaign.

Figure 2: Quant Loader – Control Panel Login

As per Forcepoint, the malware behaves in a similar manner to the DDoS Madness System, which was also developed by CPPGuru. Madness Pro is a DDoS bot which uses standard methods to persist on the system and evade detection. The group is also known for selling the Z*Stealer information-stealing Trojan and the MBS bitcoin mining Trojan. Quant Loader can be purchased by anyone who is interested in using the malware. Currently, it is widely seen deployed with Locky ransomware (Zepto variant) and the Pony campaigns. It can be used as a first-stage infection (as a new malware dropper) which is also able to stealthily download more complex pieces of malware. The spam email campaigns come with a Zip file attached which, if unzipped, will drop a Windows Script File (WSF) on the victim's system.

Executing this file downloads Quant Loader which, after establishing boot persistence, downloads Pony or Locky.

In the deep web and underground forums, the Trojan's authors were advertising it as a brand new threat that is able to install both DLL and EXE files and escalate user privileges without any complex or aggressive techniques.

The malware provides its owner with an admin panel which allows the attacker to manage and control what the malware pushes onto the compromised victim's machine. The authors also advertised that their product can limit the number of required downloads and balance downloads across multiple servers, which would prevent them from being flagged. Through the panel, the attacker could also target victims by geographical location. This would help users of the malware optimize Quant Loader installs across various victims. As per Forcepoint, DDoS Madness Pro and Quant Loader share a lot of the same code. A VirusTotal report (Figure 3) shows how the DDoS bot behaves:

Figure 3: VirusTotal Report

As per Forcepoint's analysis, both pieces of malware behave in the same manner, which discredits the Quant Loader author's claim to have developed the malware from scratch.

The attack can be prevented at the following stages using multiple measures, such as updated anti-virus rules and advanced security monitoring solutions:

Stage in which the malicious e-mails associated with this attack traverse the network: endpoint protection and SMTP agents protect against malicious files arriving through email.

A detailed analysis of the malware campaign can be found on Forcepoint's portal.
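The SMTP-stage control above amounts to refusing archive attachments that unpack to a Windows Script File before they reach a mailbox. The following is an added example of such a gateway check, not code from the article or from Forcepoint; it opens each ZIP attachment of a raw message and reports members with script extensions (the page names only .wsf; the other extensions and the constructed sample message are assumptions).

```python
"""Gateway-side check for the Quant Loader delivery stage: a ZIP attachment that
unpacks to a WSF. Added example; message and archive are constructed placeholders."""
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# .wsf is named on the page; the other script types are an assumed gateway policy.
SCRIPT_EXTENSIONS = (".wsf", ".js", ".jse", ".vbs", ".vbe", ".hta")

def risky_members(zip_bytes: bytes) -> list:
    """Names of archive members whose extension is a Windows script type."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTENSIONS)]

def scan_message(raw: bytes) -> dict:
    """Map each ZIP attachment of a raw message to its script members (non-empty means quarantine)."""
    msg = email.message_from_bytes(raw, policy=default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Use the ZIP magic bytes, not the filename: a renamed ZIP is still a ZIP.
        if not payload.startswith(b"PK\x03\x04"):
            continue
        try:
            members = risky_members(payload)
        except zipfile.BadZipFile:
            members = ["<unreadable archive>"]  # fail closed on a corrupt archive
        if members:
            findings[part.get_filename() or "<unnamed>"] = members
    return findings

def build_sample_zip() -> bytes:
    """Constructed ZIP holding an inert placeholder .wsf with no script body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.wsf", "<job><script language='JScript'></script></job>")
    return buf.getvalue()

def build_sample_message() -> bytes:
    """Constructed spam-style mail carrying the sample ZIP as an attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(build_sample_zip(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Running `scan_message(build_sample_message())` returns `{"invoice.zip": ["invoice.wsf"]}`, the signal a gateway would act on; a message with no archive attachment returns an empty dict.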
