Overview

overview

10

Static

static

SCAN-068589.pdf.msi

windows7_x64

10

SCAN-068589.pdf.msi

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SCAN-068589.pdf.msi

  • Size

    224KB

  • Sample

    220616-wyqstsbaf8

  • MD5

    c0ee31bc6536ae8cb7e5d8809676920a

  • SHA1

    b21482d1072e5cb65488f2c181f38c75d8c80dcd

  • SHA256

    2d8740ea16e9457a358ebea73ad377ff75f7aa9bdf748f0d801f5a261977eda4

  • SHA512

    66ed8f4762f3cb7b4026c9d7eeaec2ee4e8275495d527f99fd163d0a72f436ef2e2fdad88f7dcad87e3dd10c7afffe7b2f0f6c3412de68c16e96f9377cb4fe1d

Score
10/10
matanbuchusloader

Malware Config

Targets

    • Target

      SCAN-068589.pdf.msi

    • Size

      224KB

    • MD5

      c0ee31bc6536ae8cb7e5d8809676920a

    • SHA1

      b21482d1072e5cb65488f2c181f38c75d8c80dcd

    • SHA256

      2d8740ea16e9457a358ebea73ad377ff75f7aa9bdf748f0d801f5a261977eda4

    • SHA512

      66ed8f4762f3cb7b4026c9d7eeaec2ee4e8275495d527f99fd163d0a72f436ef2e2fdad88f7dcad87e3dd10c7afffe7b2f0f6c3412de68c16e96f9377cb4fe1d

    Score
    10/10
    matanbuchusloader

    • Matanbuchus

      A loader sold as MaaS first seen in February 2021.

      loadermatanbuchus

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks