donutloader | 37883f9acd439e989fa665b51fe2b1b46e41a9551c6460c0bbf9c7adcd785023 | Triage

Submit
Reports

Overview

overview

Static

static

3

jMUMLUo.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

jMUMLUo.exe
Size

457KB
Sample

250507-h15swagq5t
MD5

1e70a2fafdd1c76b81e6e5e384e93cb6
SHA1

d780f38939d5f9541315f1e6b29ba3e0c6fe7292
SHA256

37883f9acd439e989fa665b51fe2b1b46e41a9551c6460c0bbf9c7adcd785023
SHA512

a6904c053699de4d42cc47a94fad38638d246ef9856c669f321f28b32099be5a41cd3e6075e078f580e076cfd0ed2f9872dbc110ebbbd76e6ac7d5739fc9f19a
SSDEEP

12288:5JFV8FKStnVclYq4YpJr8SfHSWMwkahCqLN1a+wjb:hVnENYp9dfqwkaIR

Score

10^/10

donutloader xworm loader persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

jMUMLUo.exe

Resource

win10v2004-20250502-en

donutloader xworm loader persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  jMUMLUo.exe
- Size
  
  457KB
- MD5
  
  1e70a2fafdd1c76b81e6e5e384e93cb6
- SHA1
  
  d780f38939d5f9541315f1e6b29ba3e0c6fe7292
- SHA256
  
  37883f9acd439e989fa665b51fe2b1b46e41a9551c6460c0bbf9c7adcd785023
- SHA512
  
  a6904c053699de4d42cc47a94fad38638d246ef9856c669f321f28b32099be5a41cd3e6075e078f580e076cfd0ed2f9872dbc110ebbbd76e6ac7d5739fc9f19a
- SSDEEP
  
  12288:5JFV8FKStnVclYq4YpJr8SfHSWMwkahCqLN1a+wjb:hVnENYp9dfqwkaIR
Score

10^/10

donutloader xworm loader persistence rat trojan
- Detect Xworm Payload
- Detects DonutLoader
  loader
- DonutLoader
  DonutLoader is a position-independent code that enables in-memory execution of VBScript, JScript, EXE, DLL files and dotNET assemblies.
  loader donutloader
- Donutloader family
  donutloader
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

donutloaderxwormloaderpersistencerattrojan

© 2018-2025

Terms | Privacy

	
		OSZAR »