General

  • Target

    07052025_0118_TecoMecFF1557004015_05042025.vbs.iso

  • Size

    818KB

  • Sample

    250507-bpgtcayly9

  • MD5

    f76202233c83ac4062ed2b8c2c9b205b

  • SHA1

    71c3ebf6bec225e8d14e0f197d8348f4027ab9ac

  • SHA256

    d1ad4b7a799e7e582c3916f3ebde1962234a1266ed37f5481a6c7ade85165adf

  • SHA512

    f94653ff0af8945a5544012ae50449d0c797d771dd2a7170dafd7553d6f1b4e1ce22e0243025b6e4129a9c51921537e8535d59b2e6e2d98669a67c6f99485656

  • SSDEEP

    12288:XDiFspcqR2BQ2WPbr5fij6A+2xokajhEC1uG9VeQHeL5V2pD:zSgRoQlP5qjL+2S7jh5uYVeqOil

Malware Config

Targets

    • Target

      TecoMecFF1557004015_05042025.vbs

    • Size

      756KB

    • MD5

      4d6021d9e3b881aa5fd63deac460483e

    • SHA1

      40906542b9def66e7f997841742a2881978098ea

    • SHA256

      38235e51c18b3305e3f2bacadb7cb5b70058c89d3ce3ea50d7e921ce8e56ace9

    • SHA512

      58cf0f47cdf40f8c95459d0b70db8c74180b06eb2a78f410dee2d2c814c2ba5e76cbd1e1063c06be627513beadd244982c5428b67291e2a57047a871e213c209

    • SSDEEP

      12288:QDiFspcqR2BQ2WPbr5fij6A+2xokajhEC1uG9VeQHeL5V2pDu:0SgRoQlP5qjL+2S7jh5uYVeqOilu

    • Detects DonutLoader

    • DonutLoader

      DonutLoader is position-independent code (shellcode) that enables in-memory execution of VBScript, JScript, EXE and DLL files, and .NET assemblies.

    • Donutloader family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (the sample can refuse to run in unwanted regions).

    • Executes dropped EXE

    • Adds Run key to start application
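
The behaviour tags above are the report's summary of what the sandbox saw; the one-off events behind them are not reproduced on this page. The following is an added example (not Tria.ge's code and not the sample's) that shows what such tags amount to in practice: a small classifier that derives the same four tags from a constructed, sandbox-style event trace, and a hash check for confirming that a local copy of a file matches the digests a report lists before trusting its tags. The event shapes, the registry key names, the sample trace and the ATT&CK technique mapping are my assumptions for the example; the page lists the tags but not the events or technique IDs.

```python
"""Added example, not code from Tria.ge or from the sample: a behaviour
classifier that reproduces the report's behaviour tags from sandbox-style
events, plus a hash check for confirming a local copy matches the report.
The event shapes, the sample events and the ATT&CK mapping are my
assumptions, not data taken from the page."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Registry keys the rules look at (assumed: the report does not name them).
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)
# The per-user GeoID lives here; reading it is the usual registry-based geofence.
GEO_KEY = r"HKCU\Control Panel\International\Geo"

# Behaviour tag -> ATT&CK Enterprise technique. This is my mapping, chosen
# for the example; the page lists the tags but not the technique IDs.
ATTACK = {
    "Adds Run key to start application": "T1547.001",
    "Checks computer location settings": "T1614",
    "Downloads MZ/PE file": "T1105",
    "Executes dropped EXE": "T1204.002",
}


@dataclass(frozen=True)
class Event:
    kind: str          # registry_set | registry_read | network_recv | file_write | process_create
    path: str = ""     # registry key, file path or URL, depending on kind
    data: bytes = b""  # first bytes of a downloaded body, for network_recv


def _under(path: str, key: str) -> bool:
    """True if a registry path equals `key` or sits beneath it (case-insensitive)."""
    p, k = path.lower(), key.lower()
    return p == k or p.startswith(k + "\\")


def classify(events: list[Event]) -> list[str]:
    """Return the sorted set of behaviour tags the event stream triggers."""
    tags: set[str] = set()
    dropped: set[str] = set()   # files this sample wrote, for the 'dropped EXE' rule
    for e in events:
        if e.kind == "file_write":
            dropped.add(e.path.lower())
        elif e.kind == "registry_set" and any(_under(e.path, k) for k in RUN_KEYS):
            tags.add("Adds Run key to start application")
        elif e.kind == "registry_read" and _under(e.path, GEO_KEY):
            tags.add("Checks computer location settings")
        elif e.kind == "network_recv" and e.data[:2] == b"MZ":
            # MZ header at offset 0 of the response body: a PE was fetched.
            tags.add("Downloads MZ/PE file")
        elif (e.kind == "process_create" and e.path.lower().endswith(".exe")
              and e.path.lower() in dropped):
            # Only counts when the image was written earlier in this same trace.
            tags.add("Executes dropped EXE")
    return sorted(tags)


def attack_ids(tags: list[str]) -> list[str]:
    """Map behaviour tags to the technique IDs in ATTACK (unknown tags are skipped)."""
    return [ATTACK[t] for t in tags if t in ATTACK]


def verify_hashes(data: bytes, expected: dict[str, str]) -> dict[str, bool]:
    """Compare a local file's digests with the ones a report lists.

    `expected` maps an algorithm name (md5/sha1/sha256/sha512) to the hex
    digest from the report; the result says, per algorithm, whether it matched."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest.lower()
        for algo, digest in expected.items()
    }


# Constructed event trace (not from the report) that exercises every rule once.
SAMPLE_EVENTS = [
    Event("registry_read", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("network_recv", "http://example.invalid/update.bin", b"MZ\x90\x00\x03"),
    Event("file_write", r"C:\Users\user\AppData\Local\Temp\update.exe"),
    Event("process_create", r"C:\Users\user\AppData\Local\Temp\update.exe"),
    Event("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
]

if __name__ == "__main__":
    tags = classify(SAMPLE_EVENTS)
    for tag, tid in zip(tags, attack_ids(tags)):
        print(f"{tid:10} {tag}")
```

Two design points worth noting. "Executes dropped EXE" is only raised for an image the same trace saw being written, so a launch of a pre-existing binary such as cmd.exe is not misreported as a drop-and-run; and the geofence rule fires on a read of the Geo key, not on a write, because the sample only needs to consult the configured country. To check a downloaded copy against this page, feed the file bytes and the report's MD5/SHA1/SHA256/SHA512 values into verify_hashes and require every entry to be True.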

MITRE ATT&CK Enterprise v16

Tasks
