General
- Target: -ππππ-ππ€ππ-πππ§ππ¦π§-πππππ.7z
- Size: 19.0MB
- Sample: 250704-xmwelsxtgt
- MD5: c59651c7b5428de3d94bfb87e01ce0bb
- SHA1: 684442fe0f3178a7938fd7a416196942c72565dd
- SHA256: edb3b7063827beb3a720f64aa712844a8e12c1a042a842aad35c020ac4222f1e
- SHA512: 54d6fd2392fc2159d1fa63d6485d3ae42931e35d7405c0db05d1824dd0ea46c41b739af6f79bd55af030080e36507a1c1b275cf4697c83bb0efc8687f140db6b
- SSDEEP: 393216:0CbjgkERkPc3/OtUU3KuvQXnnG5gd4o47fVeDrE4HQGl6316Tbs:9s33/9yIXnG5FT792rXHQGU3ATg
Behavioral task: behavioral1
- Sample: πΊπ¬π»πΌπ·.exe
- Resource: win10ltsc2021-20250410-en

Behavioral task: behavioral2
- Sample: πΊπ¬π»πΌπ·.exe
- Resource: win11-20250610-en
Malware Config
- Extracted: hijackloader
- directory: %APPDATA%\shtl
- inject_dll: %windir%\SysWOW64\pla.dll
Targets
- Target: πΊπ¬π»πΌπ·.exe
- Size: 3.2MB
- MD5: 289250431113d46971278cff5d2a56fc
- SHA1: aeaf61a0d924731ce05fee01fd140df85f3b2d68
- SHA256: b8ef3a8efd03abacf7d711c0cc698fe95fb2984e39c02e39b5993c02eaef9dbc
- SHA512: 8e578979ae672b15a43d198d1e6a9966f8393d97a2d7a65c871436b49d0a807f20952345057ea97423b8a50c11258e55c5ad5273cd676aefdfd72fdfbde368d5
- SSDEEP: 49152:qgJAYksLnjmz21K3ikniIHRTf9RTTTih1r5Ipvy+Rp6tEsDYRW7s8UAT+qHk+6q7:OMjjrhs6tEsYyHU65pC9E
Score: 10/10

Signatures
- Detects DonutLoader
- DonutLoader: DonutLoader is position-independent code that enables in-memory execution of VBScript, JScript, EXE and DLL files, and .NET assemblies.
- Donutloader family
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software installed on the system.