Resubmissions

03/07/2025, 05:53

250703-gll7jstzhw 10

03/07/2025, 05:51

250703-gkljmafl6w 3

General

  • Target

    http://docdrop.ink

  • Sample

    250703-gll7jstzhw

Malware Config

Targets

    • Target

      http://docdrop.ink

    • Detects DonutLoader

    • DonutLoader

      DonutLoader is position-independent code (shellcode) that enables in-memory execution of VBScript, JScript, EXE and DLL files, and .NET assemblies.

    • DonutLoader family

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks