Resubmissions

29/03/2024, 12:00

240329-n6l6lsgb9t 6

29/03/2024, 11:53

240329-n2axsaga71 3

29/03/2024, 11:23

240329-ng8nbaff3z 3

General

  • Target

    2024-03-26-Matanbuchus-and-Danabot-malware-and-artifacts.zip

  • Size

    11.4MB

  • MD5

    ed5ba387ed600ea6ca91a874cab9adff

  • SHA1

    6d27bf337fc870a70eb4b13aa1989147b9a4d434

  • SHA256

    8e84ba5a875114c4c8adc91575d1f3e1f0ce2a136c644dac7efe28c677e4f1d9

  • SHA512

    1f97d44163c23b6f886c2515d951f9980810ba47767d06cc7a3464ed841657e6ac5ec066e74648fef6ab8cea2342f884b832d238b8b2af6a31bba86fd1407fa9

  • SSDEEP

    196608:Qe6O1o7FDPTdRdlTDoMbo9eNCUHKqsfOtOtHUa3NVKiJgjf01Drkvv6hWgfJZwoo:QkixZDVDoU/CU2fHUa3NUiJgw1DA2BZW

Score
3/10

Malware Config

Signatures

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-03-26-Matanbuchus-and-Danabot-malware-and-artifacts.zip
    .zip

    Password: infected_20240326

  • 2024-03-26-IOCs-for-Matanbuchus-infection-with-Danabot.txt
  • 2024-03-26-base64-text-returned-from-https_gammaproject.dev_index.aspx.txt
  • 2024-03-26-decoded-and-decrypted-Matanbuchus-DLL-from-base64-text.bin
    .dll regsvr32 windows:6 windows x86 arch:x86

    Password: infected_20240326

    880cea822b95f442aeb0c42f8c49c900



  • 2024-03-26-scheduled-task-for-Danabot.txt
  • 2024-03-26-scheduled-task-for-Matanbuchus.txt
  • Dad.dll
    .dll regsvr32 windows:6 windows x86 arch:x86

    Password: infected_20240326

    c54312c8f26c83c247a922c8510d9a3d



  • Hqeyair.dll
    .dll windows:5 windows x64 arch:x64

    Password: infected_20240326

    f34e13b8d4d75c780ac5e3ef2858082c



  • bLhLldebqq.msi
    .msi
  • q-report-53394.zip
    .zip .js polyglot

    Password: infected_20240326

  • _
  • q-report-60033.js
    .js
  • uyegwfgefwg.exe
    .exe windows:5 windows x86 arch:x86

    Password: infected_20240326

    88b32203d0a05a747b387c7374b2b4fd

