MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cb744012e8115ee284e962932da78f2445ef2c766569b09f294f33b4d9c0560. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DonutLoader

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	7cb744012e8115ee284e962932da78f2445ef2c766569b09f294f33b4d9c0560
SHA3-384 hash:	138069a7a3522511910fc278e4e37a36b3fff67e17e30cf432f682bc212806e5167f2a1c769c41f803099872a56e64fe
SHA1 hash:	df317306f58e9c38ea474787d10dec9a967417b7
MD5 hash:	40246c65938157ff0a7bb6e4c8fa3f50
humanhash:	ten-robin-mississippi-bravo
File name:	7cb744012e8115ee284e962932da78f2445ef2c766569b09f294f33b4d9c0560.bat
Download:	download sample
Signature	DonutLoader Create hunting rule
File size:	1'103 bytes
First seen:	2025-09-24 12:12:12 UTC
Last seen:	Never
File type:	bat
MIME type:	text/x-msdos-batch
ssdeep	24:Q80PYtiZ1RQVXR2b+SYSfFMZnF+hwxda62pV:j9QZQVIanY2ZnAhwxo62pV
Threatray	1'415 similar samples on MalwareBazaar
TLSH	T1C8116F433FC78A0B0311DD1B719FC95136ABA73FA829BFAA9C5852D7CC6081C1A54067
Magika	batch
Reporter	JAMESWT_WT
Tags:	45-141-87-195 bat donutloader windowsupdateserver-ddnsgeek-com

Intelligence

File Origin

# of uploads :

1

# of downloads :

44

Origin country :

IT

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

7cb744012e8115ee284e962932da78f2445ef2c766569b09f294f33b4d9c0560.bat

Verdict:

No threats detected

Analysis date:

2025-09-24 13:00:39 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/be28fb18-9dfa-4420-b093-9e658d24bc77

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28784/

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68d54052cc9425144151ce97

Tags:

autorun emotet

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

obfuscated powershell

Link:

https://www.filescan.io/uploads/68d3e03074e5a2898990ea9a/reports/b780ba20-bed2-45f6-8f30-95f761ae446e/overview

Verdict:

Malicious

Labled as:

BZC.MNT.Boxter.794

Link:

https://www.hybrid-analysis.com/sample/7cb744012e8115ee284e962932da78f2445ef2c766569b09f294f33b4d9c0560

Verdict:

Unknown

File Type:

unix shell

First seen:

2025-07-15T15:27:00Z UTC

Last seen:

2025-07-15T15:27:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/7cb744012e8115ee284e962932da78f2445ef2c766569b09f294f33b4d9c0560/results?tab=lookup

Score:

85%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/7cb744012e8115ee284e962932da78f2445ef2c766569b09f294f33b4d9c0560

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7cb744012e8115ee284e962932da78f2445ef2c766569b09f294f33b4d9c0560/

Threat name:

Win32.Exploit.Boxter

Status:

Malicious

First seen:

2025-07-15 08:45:51 UTC

File Type:

Text (Batch)

AV detection:

11 of 38 (28.95%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ps3uiajoqek64kcosyutfwty6jcf54whmzljwcpsstztwtm4avqa._file

Verdict:

malicious

Label(s):

dcrat

donut_injector

Similar samples:

3f9573841a93c95c4070b90b71ea08be448733d2562f6d0457dd70e0b2093ae0

59afee68c53a871b7491abefe4e660b54b8aee1b3e4781b2aaf46c8b6af82708

67c39f2e56dc93e4b6f16b4658366462f8f90acad03792b2f5c1797bd9f89702

77317ecdb69ec9d71cdc59193e4fb68840fedc38b7b46b4f957b227df7961bfd

9501bd6236e2e36cd2afbcf4126b44f7aff1f0b51d675ba3c26587ba02c108ce

ced40caee716f956a4db4d96f10daa8b80f6c30371f2490129b6cf212dcfd223

d20d4e90de355c90f4d9a0b7b80cf1aa32fe8b9b7aba5db730cfdde16df43021

+ 1'405 additional samples on MalwareBazaar

Result

Malware family:

donutloader

Score:

10/10

Tags:

family:asyncrat family:donutloader botnet:11neik11 discovery loader rat

Link:

https://tria.ge/reports/250924-pdgabsxthw/

Behaviour

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Drops startup file

Executes dropped EXE

Badlisted process makes network request

Async RAT payload

AsyncRat

Asyncrat family

Detects DonutLoader

DonutLoader

Donutloader family

Malware Config

C2 Extraction:

windowsupdateserver.ddnsgeek.com:7786

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7cb744012e8115ee284e962932da78f2445ef2c766569b09f294f33b4d9c0560

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/28784/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample