MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DonutLoader


Vendor detections: 16


Intelligence 16 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d
SHA3-384 hash: 4706caa1697b27a6a55f0a229823fa6dc78a5489774a9ffbecea9fa2138d3e68b6e4dfb4dbf7e1ff06b44e44d5ec187c
SHA1 hash: b8fcd8e73eec3e03a5bfdb0fc8b317d346af39f2
MD5 hash: 2b09fb08ee7a5e9828589f02788c6e81
humanhash: violet-four-fanta-enemy
File name:SecuriteInfo.com.Win64.MalwareX-gen.45147977
Download: download sample
Signature DonutLoader
Create hunting rule
File size:118'272 bytes
First seen:2025-11-23 17:47:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 16b044231e4b12a9ad7fc7d47095646f (4 x DonutLoader)
ssdeep 3072:Oe3Co6YLc3fyoqvKBZm1n61Vh4pCPjIS:OdYQ3z5BZmwVh1Z
Threatray 237 similar samples on MalwareBazaar
TLSH T12CC36D5B73E530F9E1B78239C8A60A45E776B8361760AFEF03A046565F236D08D3DB21
TrID 44.4% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter SecuriteInfoCom
Tags:donutloader exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d.zip
Verdict:
Malicious activity
Analysis date:
2025-11-23 17:51:39 UTC
Tags:
arch-exec stealc stealer
Link:
https://app.any.run/tasks/4ff01081-e702-4a3e-9ca0-4a640fdc5491

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/41167/
Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=692348e3a59c70c97d6a0c65
Tags:
shellcode dropper cobalt trojan
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Connection attempt
Sending an HTTP GET request
Сreating synchronization primitives
Sending an HTTP POST request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm microsoft_visual_cc redcap stealer
Link:
https://www.filescan.io/uploads/692348e25d3feebe12d83c9c/reports/49b5da48-fdb8-4996-bc7c-4b81f78dacf3/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d
Result
Gathering data
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-11-23T11:54:00Z UTC
Last seen:
2025-11-23T14:37:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d/results?tab=lookup
Score:
94%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/2b09fb08ee7a5e9828589f02788c6e81
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d/
Verdict:
Malicious
Threat:
Family.DONUTLOADER
Link:
https://tip.neiki.dev/file/7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d
Threat name:
Win64.Trojan.LummaStealer
Create hunting rule
Status:
Malicious
First seen:
2025-11-23 15:21:54 UTC
File Type:
PE+ (Exe)
AV detection:
20 of 36 (55.56%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p4iprgvikoiis7nwua56kssu46ttwwtyeokfegjecxlj5ckraooq._file
Verdict:
malicious
Label(s):
shellcode_loader_007
Create hunting rule
donutloader
Create hunting rule
stealc
Create hunting rule
Similar samples:
0f5d52e0b104dc37a4b8832bb9a691f1f42bc90589faf62a58281a8f59a881f0
DonutLoader
1ca9b7e7740770ca5f710193adcc9db9f7c3a1b5b5b188cfb21b8c1d1c1acb85
DonutLoader
658d3acfc7e71d6b3451973ab8c207dca57264f9b17fc9e37c8b7a1e46561489
DonutLoader
ae525cc8316e04ab303e21633e179ff833f32123d61a8b2a35f62858e25b60aa
DonutLoader
b48ca5ed8ade8ddce0899dd33a3d8365ac2cac377a6c4b9399556e12cb807b2f
DonutLoader
c36d6aa31395cdae0a5623dd10984e235a6986d61d4f7e1db0849f88000cfc01
DonutLoader
+ 227 additional samples on MalwareBazaar
Result
Malware family:
donutloader
Create hunting rule
Score:
  10/10
Tags:
family:donutloader discovery loader spyware stealer
Link:
https://tria.ge/reports/251123-wdk2vabl4t/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks computer location settings
Reads user/profile data of web browsers
Badlisted process makes network request
Detects DonutLoader
DonutLoader
Donutloader family
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d96d21a2-f856-4c2d-9b0f-760dfcc8222b
Unpacked files
SH256 hash:
7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d
MD5 hash:
2b09fb08ee7a5e9828589f02788c6e81
SHA1 hash:
b8fcd8e73eec3e03a5bfdb0fc8b317d346af39f2
Link:
https://www.unpac.me/results/8bc40c23-de2d-4df2-b396-f3e19176a922/
Malware family:
DonutLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/7f10f89aa853/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DonutLoader

Executable exe 7f10f89aa85390897db6a03be54a54e7a73b5a78239452192415d69e8951039d

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/41167/
  
URLhaus
https://urlhaus.abuse.ch/url/3715163/
  
Delivery method
Distributed via web download

Comments