Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
14-12-2021 07:05
General
-
Target
8da5082cd25674462962a5c3d23f2907e4502891a616f9506af017dea5a18f88.dll
-
Size
522KB
-
MD5
d1f793800415a201822a8dc7597a96d7
-
SHA1
f6fb94b9d316d57f088d48892c3815345104aefc
-
SHA256
8da5082cd25674462962a5c3d23f2907e4502891a616f9506af017dea5a18f88
-
SHA512
2a2f0f127f7b7449789a373b6d06589f8948f48b8efcd8682b9eb94a1b15eebfe199d85179f39afd473f3edcb9616d4cf7dda926264b0b864dbf8978de6999f4
Malware Config
Extracted
matanbuchus
https://belialq449663.at/f5126584-3f68-4e0c-868a-dcb2455f8146/Y2xpbnRvbjQ1.xml
https://belialw869367.at/f5126584-3f68-4e0c-868a-dcb2455f8146/Y2xpbnRvbjQ1.xml
https://beliale232634.at/b0868b6b-7f2c-4ac6-ba54-ba9b13744d17/clinton45.xml
https://belialr878539.at/b0868b6b-7f2c-4ac6-ba54-ba9b13744d17/clinton45.xml
https://belialp632298.at/b0868b6b-7f2c-4ac6-ba54-ba9b13744d17/clinton45.xml
Signatures
-
Matanbuchus
A loader sold as MaaS first seen in February 2021.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8da5082cd25674462962a5c3d23f2907e4502891a616f9506af017dea5a18f88.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8da5082cd25674462962a5c3d23f2907e4502891a616f9506af017dea5a18f88.dll,#12⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
Filesize
8KB
-
Filesize
536KB
-
Filesize
4KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
124KB