General

  • Target

    64b263385586b6b45fb0d483398d354245598521735cc7cdab0451235d49fa16.exe

  • Size

    6.4MB

  • Sample

    250507-pdxmba1xg1

  • MD5

    d552dd83d9b08c216e666b5ee48964ab

  • SHA1

    6d4621d6c727d21624f721cc867e990c5683a79c

  • SHA256

    64b263385586b6b45fb0d483398d354245598521735cc7cdab0451235d49fa16

  • SHA512

    7724fccde8d0c49dd189c5c0e1af7bbb977d92edd3270a8d289c1a5373e532ee578c66a1b02cc3f8ca5d4833d9199e487c3f8a57d0c34e6258ec423bf58d4c94

  • SSDEEP

    98304:1X4p1I5D82BG1VIsBQ/unAwdPAlg7dT6L6AWKK+Gw6c:9wIg2QQSNnNP5dT6L6AKwJ

Malware Config

Targets

    • Detects DonutLoader

    • DonutLoader

      DonutLoader is position-independent code that enables in-memory execution of VBScript, JScript, EXE and DLL files and .NET assemblies.

    • Donutloader family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks