donot_downloader | 042370b1170eb37c6c1fc78a82f28c09cd193f897c53f8ec46c0ec618ba5193e | Triage

Sharing

General

Target

vetu (2).bin
Size

446KB
Sample

200707-94xqpbm6a6
MD5

e32dc6ae644b0817348b16cfd8763db9
SHA1

d75801e2979ec3aa33ec869d679fa738d02312d5
SHA256

042370b1170eb37c6c1fc78a82f28c09cd193f897c53f8ec46c0ec618ba5193e
SHA512

62427d31ac34c4b5e38fa189ec9ebe316ddb511b8a27bd13f9913f22afe463e4d9fc806ca2a808c193bfc0b0dfe8c26f4ba046468b30c24a32eb6a5e58622ea2

Score

10^/10

donot_downloader evasion rat spyware trojan

Malware Config

Targets

- Target
  
  vetu (2).bin
- Size
  
  446KB
- MD5
  
  e32dc6ae644b0817348b16cfd8763db9
- SHA1
  
  d75801e2979ec3aa33ec869d679fa738d02312d5
- SHA256
  
  042370b1170eb37c6c1fc78a82f28c09cd193f897c53f8ec46c0ec618ba5193e
- SHA512
  
  62427d31ac34c4b5e38fa189ec9ebe316ddb511b8a27bd13f9913f22afe463e4d9fc806ca2a808c193bfc0b0dfe8c26f4ba046468b30c24a32eb6a5e58622ea2
Score

10^/10

rat donot_downloader evasion spyware trojan
- Donot APT Downloader
  A downloader used by Donot APT group to download further modules.
  rat donot_downloader
- Blacklisted process makes network request
- Modifies system certificate store
  evasion spyware trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ratdonot_downloaderevasionspywaretrojan

behavioral2

ratdonot_downloader