Malware Analysis Series 1 — Will Donut’s generated shellcode ever fail?
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | 5398545f-53f3-4b9a-adf7-c33ceba6c780 |
| Fingerprint | af380d122cef4471 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Aug. 3, 2023, 12:38 a.m. |
| Added to db | Aug. 3, 2023, 3 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Malware Analysis Series 1 — Will Donut’s generated shellcode ever fail? |
| Title | Malware Analysis Series 1 — Will Donut’s generated shellcode ever fail? |
| Detected Hints/Tags/Attributes | 16/1/15 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
| Details | 171 | ✔ | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 2 | donut.exe |
|
| Details | File | 6 | loader.bin |
|
| Details | File | 117 | taskmgr.exe |
|
| Details | File | 2 | threads.cpp |
|
| Details | Github username | 10 | thewover |
|
| Details | Github username | 7 | dotnet |
|
| Details | Url | 1 | https://github.com/thewover/donut/blob/master/loader/inmem_dotnet.c#l113c1 |
|
| Details | Url | 5 | https://github.com/thewover/donut |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/dotnet/api/system.appdomain.createdomain?view=net-7.0 |
|
| Details | Url | 1 | https://github.com/dotnet/runtime/blob/main/src/coreclr/vm/threads.cpp#l2261 |
|
| Details | Url | 1 | https://github.com/dotnet/runtime/blob/main/src/coreclr/vm/threads.cpp#l2184 |