Intel Name: Technical analysis of Matanbuchus 3.0
Date of Scan: December 29, 2025
Impact: High
Summary: Matanbuchus is a C++-based malicious downloader offered as Malware-as-a-Service since 2020. It has evolved through multiple development stages, with version 3.0 observed in the wild in July 2025. The malware allows attackers to deploy additional payloads and carry out hands-on-keyboard activity via shell commands. Despite its simple design, Matanbuchus has recently been linked to ransomware operations. It consists of two main components: a downloader module and a primary execution module. This ThreatLabz analysis examines its obfuscation methods, persistence mechanisms, and network communication.