matanbuchus | face46e6593206867da39e47001f134a00385898a36b8142a21ad54954682666 | Triage

Submit
Reports

Overview

overview

Static

static

SCAN-016063.pdf.msi

windows7_x64

SCAN-016063.pdf.msi

windows10-2004_x64

Sharing

General

Target

SCAN-016063.pdf.msi
Size

224KB
Sample

220630-tns44acdhk
MD5

ff82937564ff59eb6207f079cdc8e43d
SHA1

7cfe0a71c4a2508a1af80e640ec8b1b034edb604
SHA256

face46e6593206867da39e47001f134a00385898a36b8142a21ad54954682666
SHA512

4c4c2f59ef157de6570bf16daff958d9ccdafd8ba6cf3f946cabaa413c085c05242b2499552e789f0f0bc9e1cbf0b74ec6327340d29c80a694aeddf444788ee1

Score

10^/10

matanbuchus loader

Static task

static1

Behavioral task

behavioral1

Sample

SCAN-016063.pdf.msi

Resource

win7-20220414-en

matanbuchus loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SCAN-016063.pdf.msi

Resource

win10v2004-20220414-en

matanbuchus loader

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SCAN-016063.pdf.msi
- Size
  
  224KB
- MD5
  
  ff82937564ff59eb6207f079cdc8e43d
- SHA1
  
  7cfe0a71c4a2508a1af80e640ec8b1b034edb604
- SHA256
  
  face46e6593206867da39e47001f134a00385898a36b8142a21ad54954682666
- SHA512
  
  4c4c2f59ef157de6570bf16daff958d9ccdafd8ba6cf3f946cabaa413c085c05242b2499552e789f0f0bc9e1cbf0b74ec6327340d29c80a694aeddf444788ee1
Score

10^/10

matanbuchus loader
- Matanbuchus
  A loader sold as MaaS first seen in February 2021.
  loader matanbuchus
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

matanbuchusloader

behavioral2

matanbuchusloader

© 2018-2024

Terms | Privacy