SYMBOLCOMMON_NAMEaka. SYNONYMS
win.donut_injector (Back to overview)

donut_injector

aka: Donut

Donut is an open-source in-memory injector/loader, designed for execution of VBScript, JScript, EXE, DLL files and dotNET assemblies. It was used during attacks against U.S. organisations according to Threat Hunter Team (Symantec) and U.S. Defence contractors (Unit42).
Github: https://github.com/TheWover/donut

References
2022-07-30cocomelonc
Malware AV evasion - part 8. Encode payload via Z85
Agent Tesla Carbanak Carberp Cardinal RAT Cobalt Strike donut_injector
2020-06-26SymantecCritical Attack Discovery and Intelligence Team
WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations
donut_injector WastedLocker
2019-05-09Github (thewover)The Wover
Donut - Injecting .NET Assemblies as Shellcode
donut_injector

There is no Yara-Signature yet.