Overview

overview

10

Static

static

docs_06_30_2022.xlsb

windows7_x64

8

docs_06_30_2022.xlsb

windows10-2004_x64

10

Resubmissions

01-07-2022 01:23

220701-br42naebfk 10

30-06-2022 20:01

220630-yrwfvaahbn 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    docs_06_30_2022.xlsb

  • Size

    58KB

  • Sample

    220701-br42naebfk

  • MD5

    f391b6abfa46df66449a0446f80d4168

  • SHA1

    ef875d0ed399227b6a549c150f2d7f881096f303

  • SHA256

    1fc6bed3f1f9a03513cff88ce3d523852565812a75874800add07b4a2efe870b

  • SHA512

    6ac260767d721f91aaa5e3e0f04e8f2270572c4db3fa7942153776d93bc12c79a69adb7a7da1eea1fff8d4ed7c9c001a3eb675035bbafb0fdaba2dd5b82ddcdd

Score
10/10
matanbuchusloader

Malware Config

Targets

    • Target

      docs_06_30_2022.xlsb

    • Size

      58KB

    • MD5

      f391b6abfa46df66449a0446f80d4168

    • SHA1

      ef875d0ed399227b6a549c150f2d7f881096f303

    • SHA256

      1fc6bed3f1f9a03513cff88ce3d523852565812a75874800add07b4a2efe870b

    • SHA512

      6ac260767d721f91aaa5e3e0f04e8f2270572c4db3fa7942153776d93bc12c79a69adb7a7da1eea1fff8d4ed7c9c001a3eb675035bbafb0fdaba2dd5b82ddcdd

    Score
    10/10
    matanbuchusloader

    • Matanbuchus

      A loader sold as MaaS first seen in February 2021.

      loadermatanbuchus

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks