Overview

overview

10

Static

static

10

2022-06-16...ts.zip

windows7_x64

1

2022-06-16...ts.zip

windows10-2004_x64

1

2022-06-16...ke.txt

windows7_x64

1

2022-06-16...ke.txt

windows10-2004_x64

1

2022-06-16...LL.dll

windows7_x64

1

2022-06-16...LL.dll

windows10-2004_x64

1

2022-06-16...ff.bin

windows7_x64

3

2022-06-16...ff.bin

windows10-2004_x64

3

2022-06-16...bs.txt

windows7_x64

1

2022-06-16...bs.txt

windows10-2004_x64

1

2022-06-16...gv.bin

windows7_x64

3

2022-06-16...gv.bin

windows10-2004_x64

3

2022-06-16...us.txt

windows7_x64

1

2022-06-16...us.txt

windows10-2004_x64

1

2022-06-16...ry.bin

windows7_x64

3

2022-06-16...ry.bin

windows10-2004_x64

3

2022-06-16...LL.dll

windows7_x64

1

2022-06-16...LL.dll

windows10-2004_x64

1

2022-06-16...px.txt

windows7_x64

1

2022-06-16...px.txt

windows10-2004_x64

1

SCAN-016063.html

windows7_x64

1

SCAN-016063.html

windows10-2004_x64

1

SCAN-01606...le.zip

windows7_x64

1

SCAN-01606...le.zip

windows10-2004_x64

1

SCAN-016063.pdf.msi

windows7_x64

10

SCAN-016063.pdf.msi

windows10-2004_x64

10

SCAN-016063.html

windows7_x64

1

SCAN-016063.html

windows10-2004_x64

1

SCAN-016063.pdf.msi

windows7_x64

10

SCAN-016063.pdf.msi

windows10-2004_x64

10

SCAN-026764.html

windows7_x64

1

SCAN-026764.html

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2022-06-16-Matanbuchus-and-Cobalt-Strike-malware-and-artifacts.zip

  • Size

    10.1MB

  • Sample

    220620-p375cadcaq

  • MD5

    ca91ea36e944a157c66073b4fa26b706

  • SHA1

    c89e4fb47d32c0549fdb83d560c681bf179f6128

  • SHA256

    aefeed0c32afb5933a44c85ba14888058e58488053421c5fa86ffbe1bcf9efa8

  • SHA512

    a4796e7b85ef83c054ce0f29a111f768bafe24ae7ae451f779d9bba8e7d6e90e8bba8002f898dd70a6f2f20233c48638327e66f630e6c0e2b3b0677cfc17428f

Score
10/10
matanbuchusloader

Malware Config

Targets

    • Target

      2022-06-16-Matanbuchus-and-Cobalt-Strike-malware-and-artifacts.zip

    • Size

      10.1MB

    • MD5

      ca91ea36e944a157c66073b4fa26b706

    • SHA1

      c89e4fb47d32c0549fdb83d560c681bf179f6128

    • SHA256

      aefeed0c32afb5933a44c85ba14888058e58488053421c5fa86ffbe1bcf9efa8

    • SHA512

      a4796e7b85ef83c054ce0f29a111f768bafe24ae7ae451f779d9bba8e7d6e90e8bba8002f898dd70a6f2f20233c48638327e66f630e6c0e2b3b0677cfc17428f

    Score
    1/10
    behavioral1behavioral2

    • Target

      2022-06-16-IOCs-for-Matanbuchus-and-Cobalt-Strike.txt

    • Size

      6KB

    • MD5

      b66150a7cfa2b164b0c62771e4dc116e

    • SHA1

      569cadcf3fb44ec771a1905512f59345b474e62f

    • SHA256

      22f78f65d85a488ce4b25768104a23b1b391ecd5905788fce07b595a6449c9f7

    • SHA512

      609fe861794d007a80da66e8615aede3c0b08d4cee4efa363fb0495ec502934b19f14faea90bbba61c29efbada26750c0c7889467b7f62c198eea952c67af1b0

    Score
    1/10
    behavioral3behavioral4

    • Target

      2022-06-16-Matanbuchus-DLL.bin

    • Size

      401KB

    • MD5

      f354998cefb35626ac34c77ca2a6d808

    • SHA1

      0357cb803c5999d26e97928e9519fa8cf106d9b3

    • SHA256

      0bdf1060b85ad55e73393eb0b59c1d226e091da4f4dcce65dacba5e9a1fd76a7

    • SHA512

      245cb6e20d82ddf669531e7f051f7541edca580f8683285d02d53376b9a8126f4fc16f67e39cf48194f96124cfcdc718f8219a3737db038271a3a8c10444fb3e

    Score
    1/10
    behavioral5behavioral6

    • Target

      2022-06-16-extic.icu-empower-type.tiff.bin

    • Size

      205KB

    • MD5

      314a641ee6ef932f4c561388bd539090

    • SHA1

      f20a688766f3c7105b64a6342277879d751de6f3

    • SHA256

      1e9aaf1375d9f7403644b4bea2c6fe679579bf61945ba6bdb54cc7cd7b728211

    • SHA512

      2f6c34bf7bd616a5c5c5fbaefd1fe066a55af17cf599dd4cf2bc0d7185a0557ca38833f2ddbc58d32aa8a9ede2635ce4ffadb49e3f726e7d9ce080c2d1961d5d

    Score
    3/10
    behavioral7behavioral8

    • Target

      2022-06-16-notify.vbs.txt

    • Size

      68B

    • MD5

      0308aa2c8dab8a69de41f5d16679bb9b

    • SHA1

      c6827bf44a433ff086e787653361859d6f6e2fb3

    • SHA256

      0a7e8fd68575db5f84c18b9a26e4058323d1357e2a29a5b12278e4bfa6939489

    • SHA512

      1a1ca92e3c8d52c8b5adbb3117a88d8a2a8c33eaf2f7b0d620fe006653f57f4ba0b803884616594ca31e13a1b0b59ddae52cecf044621ec44371084dac6beb72

    Score
    1/10
    behavioral9behavioral10

    • Target

      2022-06-16-reykh.icu-load-hunt.jpgv.bin

    • Size

      205KB

    • MD5

      40d5b499d9213f44ca786d56b6e10907

    • SHA1

      73b17544d1e42dc12d4af1d19343e2c7456a4a0b

    • SHA256

      80e3212beed371025ba8c3eb32bea41de85d856941506f2a5255377069449c95

    • SHA512

      626651ff7dd4dee8d4c707a7077b08d48254a70ca3e7bb07d2377db684b781fe4b822b7f5ff9fa751ab45454cbd9cefbd302fdcbe77c3b727b8ce33ecba3b2b8

    Score
    3/10
    behavioral11behavioral12

    • Target

      2022-06-16-scheduled-task-for-Matanbuchus.txt

    • Size

      3KB

    • MD5

      7a06c5967c573a300f70b20c4b0fa572

    • SHA1

      1875a1cd4c7db2c84435255047aa6bd490e5f1aa

    • SHA256

      a1ecd719727fa8887cbb2d65d555eea3ca2384af22a58351b197e92b1aed9b14

    • SHA512

      064550cc44ef7b81fffeccecbd379ee8d8916be713b7c2a8488a3fd0d375f113adbf340f21be7d54dd9ea0a2a2e2865c122560aeadecef5eb200cf354cadf19c

    Score
    1/10
    behavioral13behavioral14

    • Target

      2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx-converted-to-XOR-ed-binary.bin

    • Size

      591KB

    • MD5

      97fc6726f396c4b86bc84ca97e787637

    • SHA1

      ad6e5024a0be6f69370e7a0482a2baa27c4a25be

    • SHA256

      a5b06297d86aee3c261df7415a4fa873f38bd5573523178000d89a8d5fd64b9a

    • SHA512

      52224bf00b3b54dfc74f64b7635a47fd065180c1df2afc26931273eb3b9784f11b09321686c371cf4fc9447dc693ae00308d5b6b285f290f9c65130b9b698a41

    Score
    3/10
    behavioral15behavioral16

    • Target

      2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx-decoded-DLL.bin

    • Size

      591KB

    • MD5

      8fc15b030254c0d49f18d06c696d6986

    • SHA1

      75f62f4d419b921bc081b5e8387665ac3cffd0d7

    • SHA256

      bd68ecd681b844232f050c21c1ea914590351ef64e889d8ef37ea63bd9e2a2ec

    • SHA512

      9b84ef2bddde8a493b1a9bec16fc01e8651cfa1ee08ebda326a15390b18fe8e0a40c5f8a2e36bbbd4f5848b7a3c04b4bbb955ca0b5dd04ee73991667d528838f

    Score
    1/10
    behavioral17behavioral18

    • Target

      2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx.txt

    • Size

      812KB

    • MD5

      0a39d498c453699cde26fb6088d9e008

    • SHA1

      f936e1509e2aa95b593b3996a43e125769ae3351

    • SHA256

      39ec827d24fe68d341cff2a85ef0a7375e9c313064903b92d4c32c7413d84661

    • SHA512

      0490cd54f19f8406d4f02a7f1fa86f888d9fabad5d3caa1fa968106f6488c989158090549030e8ff4ab10bad2efa0a1d2aedfa7b7ffdb34d74ae773d563f707d

    Score
    1/10
    behavioral19behavioral20

    • Target

      SCAN-016063.html

    • Size

      936KB

    • MD5

      3e757306c45b710d739a802fbd1fb69f

    • SHA1

      60c1dc0b885ac77b8f670b636c8d404654362354

    • SHA256

      d0e2e92ec9d3921dc73b962354c7708f06a1a34cce67e8b67af4581adfc7aaad

    • SHA512

      71d63e20f20658c87cb22da1f8e8b90251384fa3b193cf19e7ea438c4d0d825784baa03d40f6c4b9f3df0f75fd69c451009f0b05608c26fb8849caa1749bfa3c

    Score
    1/10
    behavioral21behavioral22

    • Target

      SCAN-016063-from-html-file.zip

    • Size

      191KB

    • MD5

      f177b0ec8a79756f45f8cf0fb9b99c07

    • SHA1

      1b18d12dc5c14e68b271164ff63647a6d2eb090d

    • SHA256

      63242d49d842cdf699b0ec04ad7bba8867080f8337d3e0ec7e768d10573142b3

    • SHA512

      51cf246d10285febcc31a8fccabc0819d98d4ecf9fed171653f387decb0d5ba2055169c949021667c449b3b5a3dbe85224db0857976ab70825735f7a587c6b5d

    Score
    1/10
    behavioral23behavioral24

    • Target

      SCAN-016063.pdf.msi

    • Size

      224KB

    • MD5

      ff82937564ff59eb6207f079cdc8e43d

    • SHA1

      7cfe0a71c4a2508a1af80e640ec8b1b034edb604

    • SHA256

      face46e6593206867da39e47001f134a00385898a36b8142a21ad54954682666

    • SHA512

      4c4c2f59ef157de6570bf16daff958d9ccdafd8ba6cf3f946cabaa413c085c05242b2499552e789f0f0bc9e1cbf0b74ec6327340d29c80a694aeddf444788ee1

    Score
    10/10
    matanbuchusloader

    • Matanbuchus

      A loader sold as MaaS first seen in February 2021.

      loadermatanbuchus

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral25behavioral26

    • Target

      SCAN-016063.html

    • Size

      936KB

    • MD5

      3e757306c45b710d739a802fbd1fb69f

    • SHA1

      60c1dc0b885ac77b8f670b636c8d404654362354

    • SHA256

      d0e2e92ec9d3921dc73b962354c7708f06a1a34cce67e8b67af4581adfc7aaad

    • SHA512

      71d63e20f20658c87cb22da1f8e8b90251384fa3b193cf19e7ea438c4d0d825784baa03d40f6c4b9f3df0f75fd69c451009f0b05608c26fb8849caa1749bfa3c

    Score
    1/10
    behavioral27behavioral28

    • Target

      SCAN-016063.pdf.msi

    • Size

      224KB

    • MD5

      ff82937564ff59eb6207f079cdc8e43d

    • SHA1

      7cfe0a71c4a2508a1af80e640ec8b1b034edb604

    • SHA256

      face46e6593206867da39e47001f134a00385898a36b8142a21ad54954682666

    • SHA512

      4c4c2f59ef157de6570bf16daff958d9ccdafd8ba6cf3f946cabaa413c085c05242b2499552e789f0f0bc9e1cbf0b74ec6327340d29c80a694aeddf444788ee1

    Score
    10/10
    matanbuchusloader

    • Matanbuchus

      A loader sold as MaaS first seen in February 2021.

      loadermatanbuchus

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral29behavioral30

    • Target

      SCAN-026764.html

    • Size

      936KB

    • MD5

      b8da61e3bfc39640cba9d7143efb3293

    • SHA1

      de7da715b872f8bd20787c3321d4ce746f0b8b0a

    • SHA256

      56ec91b8e594824a678508b694a7107d55cf9cd77a1e01a6a44993836b40ec7a

    • SHA512

      3441b13289e434006e1e422fa09b3f42f06da69aff4b0ff80c480eabab1529f277cd339d3d8aba482f7669bae2a1382c765592d41f9be51f08c82d22ec897975

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

matanbuchus
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

matanbuchusloader
Score
10/10

behavioral26

matanbuchusloader
Score
10/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

matanbuchusloader
Score
10/10

behavioral30

matanbuchusloader
Score
10/10

behavioral31

Score
1/10

behavioral32

Score
1/10