matanbuchus | 15097d2f74343c844eddaf977e411939b5060d9be365ac28b34c2c3d489f0b41

Resubmissions

16-12-2021 09:50

211216-lva8vsbgc2 3

14-12-2021 07:05

211214-hwjpvafce8 10

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-en-20211208
submitted
14-12-2021 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15097d2f74343c844eddaf977e411939b5060d9be365ac28b34c2c3d489f0b41.dll
Size

522KB
MD5

84702bd6e798481f81066c1e0671ae03
SHA1

c53a1d8aa4495cb5acf07ddc069153fbecd37a91
SHA256

15097d2f74343c844eddaf977e411939b5060d9be365ac28b34c2c3d489f0b41
SHA512

802b350012e73bb3adbb59492d22db33cff7f67084975eb054f969908cab2826945a01f4086e08f88e176a1da2248b5c852d02d3f086c2a036ccddd286367fb4

Score

10^/10

matanbuchus loader

Malware Config

Extracted

Family

matanbuchus

https://belialq449663.at/f5126584-3f68-4e0c-868a-dcb2455f8146/Y2xpbnRvbjQ1.xml

https://belialw869367.at/f5126584-3f68-4e0c-868a-dcb2455f8146/Y2xpbnRvbjQ1.xml

https://beliale232634.at/b0868b6b-7f2c-4ac6-ba54-ba9b13744d17/clinton45.xml

https://belialr878539.at/b0868b6b-7f2c-4ac6-ba54-ba9b13744d17/clinton45.xml

https://belialp632298.at/b0868b6b-7f2c-4ac6-ba54-ba9b13744d17/clinton45.xml

Signatures

Matanbuchus
A loader sold as MaaS first seen in February 2021.
loader matanbuchus

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1756	1752	rundll32.exe	27
PID 1752 wrote to memory of 1756	1752	rundll32.exe	27
PID 1752 wrote to memory of 1756	1752	rundll32.exe	27
PID 1752 wrote to memory of 1756	1752	rundll32.exe	27
PID 1752 wrote to memory of 1756	1752	rundll32.exe	27
PID 1752 wrote to memory of 1756	1752	rundll32.exe	27
PID 1752 wrote to memory of 1756	1752	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15097d2f74343c844eddaf977e411939b5060d9be365ac28b34c2c3d489f0b41.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15097d2f74343c844eddaf977e411939b5060d9be365ac28b34c2c3d489f0b41.dll,#1
  2⤵
  PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-56-0x00000000769D1000-0x00000000769D3000-memory.dmp

Filesize
8KB

Download
memory/1756-57-0x00000000002E0000-0x0000000000366000-memory.dmp

Filesize
536KB

Download
memory/1756-58-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1756-59-0x00000000007F0000-0x000000000080E000-memory.dmp

Filesize
120KB

Download
memory/1756-60-0x00000000007F0000-0x000000000080E000-memory.dmp

Filesize
120KB

Download
memory/1756-61-0x0000000000480000-0x000000000049F000-memory.dmp

Filesize
124KB

Download
memory/1756-62-0x00000000007F0000-0x000000000080E000-memory.dmp

Filesize
120KB

Download