Overview

overview

10

Static

static

3

InstallerA...02.exe

windows10-ltsc_2021-x64

10

InstallerA...02.exe

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    InstallerApp_ver12.02.zip

  • Size

    58.8MB

  • Sample

    250507-x7e85avyby

  • MD5

    bcb7963e24ba4775c54b79f2172ad723

  • SHA1

    c9b28ecf1a00807d16934ff622ed2554d71f829f

  • SHA256

    4156e2eee44ca9dcc857741f3944991cf5fa38a5ef0c575e153a3f13c2748fca

  • SHA512

    fa671209390203484856fc9f629549b9410373845234ad69840f6c87e4c724e3c4d3cd25dfbd05d672b6a2eb107e85967c6a2a8fce7914d4c52a75a779cfcb73

  • SSDEEP

    1572864:MtmKLQHvRdV7WKY9Jc82p0oxcTYM8P7fuQvLW:7KMP9WV9yj0Lm7f5q

Score
10/10
donutloaderdiscoveryloaderspywarestealer

Malware Config

Targets

    • Target

      InstallerApp_ver12.02/InstallerApp_ver12.02.exe

    • Size

      7.3MB

    • MD5

      fa122de570f5f04feb13ded859bfa96c

    • SHA1

      9cf36c88df020156afeee73adb9c78b931ad7f43

    • SHA256

      55ea17a44d7a9882236b5cda25fa844e62cb1a4fe8d5cdc17b3591f4f98aa802

    • SHA512

      e69c2180c3c08ea15784706a89944d5ccff35fa89a68e23aa60335b65740363804282f8737e7147f78f904180de6cc3e5d1e3ec2f6b255234c3799a8d3567ddb

    • SSDEEP

      98304:xRTmitxvjSgoSIlDPfwk+UYhOjEJeHMqBF/3A2dxulfpm5+X0t5P8QpqQ9A3bQqm:3TnmgoSIlDPov1hQqjqBFFif0+u5P8q

    Score
    10/10
    donutloaderdiscoveryloaderspywarestealer

    • Detects DonutLoader

      loader

    • DonutLoader

      DonutLoader is a position-independent code that enables in-memory execution of VBScript, JScript, EXE, DLL files and dotNET assemblies.

      loaderdonutloader

    • Donutloader family

      donutloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks

OSZAR »