MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d8667c7bdda378d6379af70212f67f6d7c5b0169fa8a6a624b653d77850a774. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DonutLoader

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	7d8667c7bdda378d6379af70212f67f6d7c5b0169fa8a6a624b653d77850a774
SHA3-384 hash:	98ea6b5e08b79c72f7c90f58531fb306446b1ab5dcb94d33d7817cf3d55c3cd03fa81acd8ae02a57079c997badd81a93
SHA1 hash:	cd308ea74acd19b7c5ffaffbfac944af5be18346
MD5 hash:	5e0fbeea5d86d269b371666d76fe76a8
humanhash:	massachusetts-harry-march-victor
File name:	Technical specification.js
Download:	download sample
Signature	DonutLoader Create hunting rule
File size:	5'757'812 bytes
First seen:	2025-12-23 19:24:36 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	49152:9G/tI8Ualt8aoemNc/AvDjfRRItSK1aAuoGZav+PZRoYSqq2CDi0T2R7VNGTtuRf:AVFUCiaoeqc/AvHRRItSKnSpP
TLSH	T19746D60D94C70053C452BEFD2E2E76918C067E232ADB3C56717FB49B347E989E662E24
Magika	javascript
Reporter	smica83
Tags:	donutloader js

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=694aecab01c7b4a8fe552ae9

Tags:

autorun autoit emotet

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug autoit dropper evasive expired-cert fingerprint keylogger lolbin obfuscated persistence repaired schtasks

Link:

https://www.filescan.io/uploads/694aeca6e126b9ff438ed733/reports/1ba2ab4c-d3e1-4ee0-b5b4-6ed099a65bdf/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/7d8667c7bdda378d6379af70212f67f6d7c5b0169fa8a6a624b653d77850a774

Verdict:

Malicious

File Type:

First seen:

2025-12-23T16:36:00Z UTC

Last seen:

2025-12-23T17:01:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Dropper.Script.Generic HEUR:Trojan.Script.Generic Trojan.JS.SAgent.sb

Link:

https://opentip.kaspersky.com/7d8667c7bdda378d6379af70212f67f6d7c5b0169fa8a6a624b653d77850a774/results?tab=lookup

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1838405

Signature

JavaScript source code contains functionality to generate code involving a shell, file or stream

Sigma detected: WScript or CScript Dropper

Behaviour

Behavior Graph:

Download SVG

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7d8667c7bdda378d6379af70212f67f6d7c5b0169fa8a6a624b653d77850a774/

Verdict:

Malicious

Threat:

Family.REMCOS

Link:

https://tip.neiki.dev/file/7d8667c7bdda378d6379af70212f67f6d7c5b0169fa8a6a624b653d77850a774

Threat name:

Binary.Trojan.Generic

Status:

Suspicious

First seen:

2025-12-23 06:56:14 UTC

File Type:

Binary

AV detection:

3 of 24 (12.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pwdgpr553i3y2y3zv5yccl3h63l4lmawt6uknjrewzj5o6cqu52a._file

Result

Malware family:

donutloader

Score:

10/10

Tags:

family:donutloader discovery execution loader persistence

Link:

https://tria.ge/reports/251225-nydjhawkaz/

Behaviour

Scheduled Task/Job: Scheduled Task

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Checks computer location settings

Executes dropped EXE

Detects DonutLoader

DonutLoader

Donutloader family

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7d8667c7bdda378d6379af70212f67f6d7c5b0169fa8a6a624b653d77850a774

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample