Code Emulation and Cybercrime Infrastructure Discovery
Essential information
- Published: 08/05/2024 11:18
- Modified: 08/05/2024 17:29
- Tags: 2024-05-03, 2024-05-04, 2024-05-05, 2024-05-06, 2024-05-07, 2024-05-08, bulletproof, emulation, loader, matanbuchus, ransomware, socgholish, stealer
- Related entities: 76 observables, 1 intrusion set (APT), 20 techniques (MITRE), 2 malware
Description
This report details the analysis of a malspam campaign using the Matanbuchus loader, in which the strings embedded in the malware were decrypted by emulating its code. The investigation pivoted to a Russian bulletproof hosting service, Proton66 OOO, which currently hosts a range of malicious activity, including the SocGholish malware. The report highlights how exploring the infrastructure behind these threats can reveal interconnected cybercrime operations and enable proactive defense.