{
	"id": "ebb5265d-a58e-4f0e-9397-902e71a45a38",
	"created_at": "2026-04-06T00:12:34.875989Z",
	"updated_at": "2026-04-10T03:30:57.659224Z",
	"deleted_at": null,
	"sha1_hash": "e2f71039a7563c04f91609ebf79fe8810bb44d1e",
	"title": "Matanbuchus Triage Notes",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34332,
	"plain_text": "Matanbuchus Triage Notes\r\nPublished: 2022-06-19 · Archived: 2026-04-05 22:47:35 UTC\r\n/tmp/samples/55d329a13da236bec15c4c67686b809a2fbf5f6c9625b62d900ac22a7b729ba9.bin\r\n[b'VirtualAlloc', b'Windows-Update-Agent/11.0.10011.16384 Client-Protocol/2.0\\x00', b'rundll32.exe\\x0\r\n/tmp/samples/4b87f95c4477fc66c58b8e16a74f9c47217913cb4a78dc69f27a364a099acd90.bin\r\n[b'VirtualAlloc', b'Windows-Update-Agent/11.0.10011.16384 Client-Protocol/2.0\\x00', b'rundll32.exe\\x0\r\n/tmp/samples/0bdf1060b85ad55e73393eb0b59c1d226e091da4f4dcce65dacba5e9a1fd76a7.bin\r\n[b'VirtualAlloc', b'start dll HackCheck', b'http://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/home.a\r\n/tmp/samples/3cae2ce9b2d7040292f1661af63dc28e778027c46f78d8be3b1d43f4b6c2b046.bin\r\n[b'VirtualAlloc', b'Windows-Update-Agent/11.0.10011.16384 Client-Protocol/2.0\\x00', b'rundll32.exe\\x0\r\n/tmp/samples/b4e7710488c2b7aaa71688b8bd546410af07a215c2e835e8dfbe24887186bd4f.bin\r\n[b'VirtualAlloc', b'Windows-Update-Agent/11.0.10011.16384 Client-Protocol/2.0\\x00', b'rundll32.exe\\x0\r\n/tmp/samples/orig.bin\r\n[b'VirtualAlloc', b'start dll HackCheck', b'http://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/home.a\r\n/tmp/samples/2f36c571f20b2b2c2058d4db574a6d53b148450356bf529d72aefc19505c912e.bin\r\n[b'VirtualAlloc', b'Windows-Update-Agent/11.0.10011.16384 Client-Protocol/2.0\\x00', b'rundll32.exe\\x0\r\n/tmp/samples/4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2.bin\r\n[b'rundll32.exe\\x00', b'ztCYGAuJ\\x00', b'Shlwapi.dll\\x00', b'WS2_32.dll\\x00', b'https://windowsdrive\r\n/tmp/samples/10d5483faf9a4e0fbc17556164f47f7014650797b7d501289b269515a0853b64.bin\r\n[b'VirtualAlloc', b'Windows-Update-Agent/11.0.10011.16384 Client-Protocol/2.0\\x00', b'rundll32.exe\\x0\r\n/tmp/samples/58a673023bbc7f2726e3b7ac917a43d9306692dc87b638ee21b98705a3262ccd.bin\r\n[b'VirtualAlloc', b'Windows-Update-Agent/11.0.10011.16384 Client-Protocol/2.0\\x00', b'rundll32.exe\\x0\r\n/tmp/samples/b9b399dbb5d901c16d97b7c30cc182736cd83a7c53313194a1798d61f9c7501e.bin\r\n[]\r\n/tmp/samples/fa6500946210334d397d612d5ee9b11456316e25672bc60c1267bbdb002af9c7.bin\r\n[b'VirtualAlloc', b'Windows-Update-Agent/11.0.10011.16384 Client-Protocol/2.0\\x00', b'rundll32.exe\\x0\r\n/tmp/samples/60f030597c75f9df0f7a494cb5432b600d41775cfe5cf13006c1448fa3a68d8d.bin\r\n[b'VirtualAlloc', b'start dll HackCheck', b'http://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/home.a\r\n/tmp/samples/e58b9bbb7bcdf3e901453b7b9c9e514fed1e53565e3280353dccc77cde26a98e.bin\r\nhttps://research.openanalysis.net/matanbuchus/loader/yara/triage/dumpulator/emulation/2022/06/19/matanbuchus-triage.html\r\nPage 1 of 2\n\n[b'C:\\\\Windows\\\\System32\\\\schtasks.exe\\x00', b'rundll32.exe\\x00', b' /TR \"%windir%\\\\system32\\\\regsvr3\r\n/tmp/samples/a3c896e23c86e47bcb77096e743010546cd7699e0189344d11b9c642b89deef1.bin\r\n[b'VirtualAlloc', b'Windows-Update-Agent/11.0.10011.16384 Client-Protocol/2.0\\x00', b'rundll32.exe\\x0\r\n/tmp/samples/f27821dddb17b6c8d59fb2ada1e90eac8d561476e5af3a6be064177683b0eee9.bin\r\n[b'VirtualAlloc', b'Windows-Update-Agent/11.0.10011.16384 Client-Protocol/2.0\\x00', b'rundll32.exe\\x0\r\nSource: https://research.openanalysis.net/matanbuchus/loader/yara/triage/dumpulator/emulation/2022/06/19/matanbuchus-triage.html\r\nhttps://research.openanalysis.net/matanbuchus/loader/yara/triage/dumpulator/emulation/2022/06/19/matanbuchus-triage.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://research.openanalysis.net/matanbuchus/loader/yara/triage/dumpulator/emulation/2022/06/19/matanbuchus-triage.html"
	],
	"report_names": [
		"matanbuchus-triage.html"
	],
	"threat_actors": [
		{
			"id": "d9b39228-0d9d-4c1e-8e39-2de986120060",
			"created_at": "2023-01-06T13:46:39.293127Z",
			"updated_at": "2026-04-10T02:00:03.277123Z",
			"deleted_at": null,
			"main_name": "BelialDemon",
			"aliases": [
				"Matanbuchus"
			],
			"source_name": "MISPGALAXY:BelialDemon",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434354,
	"ts_updated_at": 1775791857,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e2f71039a7563c04f91609ebf79fe8810bb44d1e.pdf",
		"text": "https://archive.orkl.eu/e2f71039a7563c04f91609ebf79fe8810bb44d1e.txt",
		"img": "https://archive.orkl.eu/e2f71039a7563c04f91609ebf79fe8810bb44d1e.jpg"
	}
}