Quixotic

Malware Profile Updated 2 months ago
Quixotic is a crypter that has been used to encrypt various malware payloads, including BlackBasta ransomware and CobaltStrike. In May 2023 it was used to encrypt a BlackBasta ransomware sample, and in October 2022 it wrapped a CobaltStrike sample used in a BlackBasta attack. The malware stores its payload in a data section and decrypts it with XOR, using a key constructed from multiple strings.

We began tracking Quixotic and Quartz in May 2022, and first observed Quicksand in March 2023. During 2023 there was a noticeable shift in the malware landscape as the use of SharpDepositorCrypter (SDC)/OMCLoader declined; BlackBasta ransomware increasingly employed other crypters, including Quixotic, Quicksand, Dave, and Tron. Qakbot had been using its own set of crypters, including CryptOne, Quartz, and Quixotic. Notably, the PE loading code found in Quicksand resembles the shellcode loaders used by Quartz and Quixotic.

The increasing use of Quixotic and its counterparts has raised concerns among security professionals. The malware's ability to infiltrate systems unnoticed and cause significant damage or disruption highlights its threat level. The observed diversification of crypters used by ransomware such as BlackBasta suggests an evolving threat landscape that calls for ongoing vigilance and robust countermeasures.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
BlackBasta | 1
BlackBasta is a malicious software (malware) known for its disruptive and damaging effects on computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even ho
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Crypter
Payload
Ransomware
Associated Malware
ID | Type | Votes | Profile Description
CryptOne | Unspecified | 1
CryptOne is a Delphi-based crypter malware, dating back to 2015, that has been frequently used by various malicious software families such as Gozi, Dridex, NetWalker, and WastedLocker. This crypter is reportedly offered as a Crypter-As-A-Service and it's capable of detecting and disabling a list of
SharpDepositorCrypter | Unspecified | 1
SharpDepositorCrypter, also known as OMCLoader, is a form of malware that was primarily utilized by the BlackBasta ransomware group during most of 2022. The malware originated as a loader for a .NET infostealer named SharpDepositor, which may explain its name found in PDB strings of early samples. H
CobaltStrike | Unspecified | 1
CobaltStrike is a notorious form of malware that has been used in conjunction with other malicious software including IcedID, Qakbot, BazarLoader, Conti, Gozi, Trickbot, Quantum, Emotet, and Royal Ransomware. This malware is typically delivered through suspicious downloads, emails, or websites, ofte
Qakbot | Unspecified | 1
Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
SharpDepositorCrypter (SDC)/OMCLoader | Unspecified | 1
None
Source Document References
Information about the Quixotic malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 4 months ago | Zoomer Hackers Shut Down the Biggest Extortion Ring of All | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
SecurityIntelligence.com | a year ago | The Trickbot/Conti Crypters: Where Are They Now?