DonutLoader
DonutLoader is the name reporting uses for shellcode generated by Donut, an open-source in-memory loader framework that converts PE, DLL, .NET assembly and script payloads into position-independent shellcode and executes them entirely in memory. Across the reporting collected here it is consistently a first-stage or intermediate loader rather than the final payload, used to evade disk-based and signature-based detection by unpacking or injecting malware directly into processes such as explorer.exe, Chrome and Microsoft Edge.
Observed delivery chains show DonutLoader used in multiple Windows-focused campaigns. It launched a new Beagle backdoor from a fake Claude AI installer distributed via the malvertising domain claude-pro[.]com: the legitimately signed G DATA updater NOVupdate.exe sideloaded a malicious avk.dll, which decrypted NOVupdate.exe.dat and ran the DonutLoader shellcode it contained in memory. In another campaign, a compromised Telnyx Python SDK deployed on Windows an executable named msbuild.exe that extracted DonutLoader from a PNG image embedded in the binary and loaded both a trojan and an AdaptixC2 beacon. Breakglass Intelligence also documented AgentTesla campaigns in which heavily obfuscated JavaScript droppers wrote a PE to C:\Users\Public\Libraries, established HKCU Run-key persistence, launched the PE through the Microsoft App-V Scriptrunner.exe LOLBin, and then used a DonutLoader shellcode packer to execute AgentTesla entirely in memory. Additional reporting describes DonutLoader being dropped by PowerShell in phishing chains, used in a FedEx-themed batch/PowerShell/XWorm infection in which shellcode was injected into explorer.exe, and used by LummaStealer operators as one of several interchangeable loaders before a later shift to CastleLoader.
Capabilities described in the source material are in-memory unpacking and execution of payloads, shellcode-based process injection, and deployment of malware that leaves no payload artifacts on disk beyond the initial dropper or sideloaded components. Payloads delivered via DonutLoader in that material include Beagle, AgentTesla, Remcos RAT, StealC v2, XWorm, AdaptixC2-associated beacons and other trojans. One report states that DonutLoader injected StealC v2 into Chrome and Microsoft Edge browser processes; another notes shellcode injection into explorer.exe followed by thread creation in that process.
Threat activity associated with DonutLoader in the reporting spans financially motivated and malware-delivery ecosystems rather than a single actor. It appears in campaigns linked or related to PlugX-like tradecraft, TeamPCP/UNC6780 supply-chain activity, GrayBravo logistics-themed operations, LummaStealer delivery chains, and Sonbokli-tagged samples on MalwareBazaar. Targets mentioned include corporate networks, software developers and users searching for AI tools, shipping, logistics, maritime and procurement organizations, and broader opportunistic victims reached through phishing, malvertising, fake software installers, and compromised packages.
High-confidence indicators and artifacts tied to DonutLoader usage in the reporting include claude-pro[.]com, license[.]claude-pro[.]com, NOVupdate.exe, NOVupdate.exe.dat, avk.dll, the XOR key SGkGHumNrDbt1OEHV3y2dVh5bQby2R used in one Beagle chain, 62[.]60[.]226[.]248 (hosting DonutLoader payloads in late 2025), and the Windows paths C:\Users\Public\Libraries\<random>.exe and %APPDATA%\Microsoft\Windows\Templates\dwm.cmd in campaigns that subsequently dropped or invoked DonutLoader. NOVupdate.exe is a legitimately signed G DATA binary and is a weak indicator on its own; pair it with the directory avk.dll is loaded from and the presence of NOVupdate.exe.dat beside it.
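The chains above give a detection engineer a handful of concrete, low-noise pivots: the signed updater loading avk.dll from a user-writable directory, ScriptRunner.exe -appvscript pointed at C:\Users\Public, a thread created in explorer.exe or a browser by a process living under a user-writable path, the two staging paths, and the reported domains and IP. The block below, written for this page and not taken from Mallory or any vendor report, encodes those as rules over Sysmon-style events. Every sample event is constructed; the xkq93.exe, ClaudeSetup and Vendor path components are placeholders, and the field names assume Sysmon's schema (Image, ImageLoaded, CommandLine, SourceImage, TargetImage, QueryName, DestinationIp).

```python
"""Hunt logic for the DonutLoader delivery chains summarised above, run over
Sysmon-style events. Added for this page; not Mallory's or any vendor's
code. Field names follow Sysmon's schema; every event in SAMPLE_EVENTS is
constructed to exercise a rule and is not real telemetry."""

# Indicators from the reporting on this page, with defanging brackets removed.
BAD_DOMAINS = {"claude-pro.com", "license.claude-pro.com"}
BAD_IPS = {"62.60.226.248"}
# Processes the reporting names as injection targets.
INJECT_TARGETS = {"explorer.exe", "svchost.exe", "chrome.exe", "msedge.exe"}
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
WRITABLE_MARKERS = ("c:\\users\\public\\", "\\appdata\\", "\\temp\\", "\\downloads\\")

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def user_writable(path):
    return any(m in path.lower() for m in WRITABLE_MARKERS)

def rule_sideload(e):
    # Sysmon 7: NOVupdate.exe loading avk.dll from a non-vendor, non-OS directory
    return (e["EventID"] == 7 and basename(e["Image"]) == "novupdate.exe"
            and basename(e["ImageLoaded"]) == "avk.dll"
            and not e["ImageLoaded"].lower().startswith(TRUSTED_PREFIXES))

def rule_scriptrunner(e):
    # Sysmon 1: App-V ScriptRunner.exe -appvscript aimed at a user-writable path
    cl = e.get("CommandLine", "").lower()
    return (e["EventID"] == 1 and basename(e["Image"]) == "scriptrunner.exe"
            and "-appvscript" in cl and user_writable(cl))

def rule_staging_paths(e):
    # Sysmon 1: the staging locations named in the AgentTesla and XWorm chains
    img = e.get("Image", "").lower()
    cl = e.get("CommandLine", "").lower()
    return e["EventID"] == 1 and (img.startswith("c:\\users\\public\\libraries\\")
                                  or "\\microsoft\\windows\\templates\\dwm.cmd" in cl)

def rule_remote_thread(e):
    # Sysmon 8: CreateRemoteThread into a reported target from a user-writable source
    return (e["EventID"] == 8 and basename(e["TargetImage"]) in INJECT_TARGETS
            and user_writable(e["SourceImage"]))

def rule_infrastructure(e):
    # Sysmon 22 (DNS query) and 3 (network connection) against reported infrastructure
    if e["EventID"] == 22:
        return e["QueryName"].lower().rstrip(".") in BAD_DOMAINS
    return e["EventID"] == 3 and e.get("DestinationIp") in BAD_IPS

RULES = (rule_sideload, rule_scriptrunner, rule_staging_paths,
         rule_remote_thread, rule_infrastructure)

def hunt(events):
    """Return one (rule name, EventID, Computer) tuple per rule match."""
    return [(r.__name__, e["EventID"], e.get("Computer", "?"))
            for e in events for r in RULES if r(e)]

SAMPLE_EVENTS = [  # constructed; host names, paths and file names are placeholders
    {"EventID": 7, "Computer": "WS01",
     "Image": "C:\\Users\\bob\\Downloads\\ClaudeSetup\\NOVupdate.exe",
     "ImageLoaded": "C:\\Users\\bob\\Downloads\\ClaudeSetup\\avk.dll"},
    {"EventID": 22, "Computer": "WS01",
     "Image": "C:\\Users\\bob\\Downloads\\ClaudeSetup\\NOVupdate.exe",
     "QueryName": "license.claude-pro.com"},
    {"EventID": 1, "Computer": "WS02", "Image": "C:\\Windows\\System32\\ScriptRunner.exe",
     "CommandLine": "ScriptRunner.exe -appvscript C:\\Users\\Public\\Libraries\\xkq93.exe"},
    {"EventID": 8, "Computer": "WS02",
     "SourceImage": "C:\\Users\\Public\\Libraries\\xkq93.exe",
     "TargetImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 3, "Computer": "WS03",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "DestinationIp": "62.60.226.248"},
    {"EventID": 1, "Computer": "WS05", "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c \"C:\\Users\\bob\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\dwm.cmd\""},
    # Benign look-alikes that must stay quiet: the updater loading its own DLL
    # from its install directory, and an OS process creating a thread in explorer.
    {"EventID": 7, "Computer": "WS04", "Image": "C:\\Program Files (x86)\\Vendor\\NOVupdate.exe",
     "ImageLoaded": "C:\\Program Files (x86)\\Vendor\\avk.dll"},
    {"EventID": 8, "Computer": "WS04", "SourceImage": "C:\\Windows\\System32\\csrss.exe",
     "TargetImage": "C:\\Windows\\explorer.exe"},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(*hit)
```

Feed a real Sysmon export (one dict per event, fields named as Sysmon names them) in place of SAMPLE_EVENTS. rule_remote_thread is the one that needs tuning in production: OS binaries routinely create threads in explorer.exe, which is why the rule keys on a user-writable source path rather than on the target process alone.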
Vulnerabilities exploited
1 CVE correlated with this family across public research and vendor advisories.
On Windows systems, the hack of the Telnyx Python SDK resulted in the deployment of an executable named "msbuild.exe" that employs several obfuscation techniques to evade detection and extracts DonutLoader, a shellcode loader, from a PNG image present within the binary to load a full-featured trojan and a beacon associated with AdaptixC2, an open-source command-and-control (C2) framework.
Groups observed using it
2 distinct threat actors attributed by public researchers. One is evidenced by the Telnyx Python SDK excerpt quoted under Vulnerabilities exploited above; the other is Velvet Tempest:
...Velvet Tempest ... used a ClickFix lure ... to drop payloads like DonutLoader and CastleRAT.
Techniques & procedures
24 distinct techniques documented for this family, organized by ATT&CK tactic.
Resource Development
2 techniques
The campaign appears to be spreading through malvertising, where attackers pay to place malicious links in search engine ads and sponsored results.
Threat actors may have also used SEO poisoning to further boost the site’s visibility in organic search results.
Initial Access
2 techniques
Many of the Keitaro IP addresses we saw in the AS214351 network host and distribute malware.
Stage 1: Email Delivery. The victim receives a spearphishing email with a .JS attachment. Lure themes: "Bill of Lading", "Vessel Particulars", "Urgent Inquiry For Quotation".
Execution
5 techniques
62[.]60[.]226[.]248 hosted the DonutLoader malware payload... a memory‑only loader that turns PE/.NET/DLL/script into shellcode and injects them into other processes.
MITRE ATT&CK Mapping
| Tactic | Technique | ID | Application |
|---|---|---|---|
| Execution | PowerShell | T1059.001 | Invoke-WebRequest + Add-Type inline C# |
Stage 2: JavaScript Execution via WSH. A double-click launches WScript.exe (Windows Script Host), and the script begins deobfuscation through a 4-layer chain.
"Velvet Tempest ... observed using a ClickFix lure, followed by hands-on-keyboard activity"
"...relies on affiliates, social engineering, fake cracked software, and fake CAPTCHA “ClickFix” lures." / "ClickFix pages trick users into pasting malicious PowerShell commands."
Persistence
1 technique
Privilege Escalation
3 techniques
After unpacking the core archives, the malware moves into an advanced code injection stage.
MITRE ATT&CK Mapping
| Tactic | Technique | ID | Application |
|---|---|---|---|
| Execution | Reflective Code Loading | T1620 | Donut decrypts + loads PE in-memory |
| Defense Evasion | Obfuscated Files: Embedded Payloads | T1027.009 | Chaskey-16 CTR encrypted Donut payloads |
| Defense Evasion | Masquerading: Legitimate Name | T1036.005 | Process named nsvchost.exe |
| Defense Evasion | Subvert Trust Controls | T1553 | Inline C# avoids pre-compiled AV detection |
| Privilege Escalation | Token Manipulation | T1134.001 | SeDebugPrivilege via AdjustTokenPrivileges |
| Discovery | Process Discovery | T1057 | CreateToolhelp32Snapshot for svchost.exe |
| Lateral Movement | Process Injection: DLL Injection | T1055.001 | VirtualAllocEx + WriteProcessMemory into svchost.exe |
The tactic column is reproduced as the source gave it. ATT&CK itself files T1055.001 under Defense Evasion and Privilege Escalation, not Lateral Movement: the VirtualAllocEx + WriteProcessMemory sequence into a local svchost.exe is same-host injection, not movement between hosts.
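The "Chaskey-16 CTR encrypted Donut payloads" row is the part of this mapping an analyst can act on directly: Donut encrypts its instance and the embedded module with the Chaskey permutation in counter mode, so an unpacker only needs the 16-byte key and 16-byte counter to recover the payload without running it. The block below is a Python transcription of the block function and CTR loop as the editor recalls them from Donut's public encrypt.c (16 rounds, key XORed in before and after the permutation, counter incremented big-endian from its last byte); it is an added example, not code from this page or from the Donut project. The key, counter and plaintext are constructed placeholders, and where the key and counter sit inside a real DONUT_INSTANCE varies by Donut version and is not given here, so check the rotation constants and counter handling against the version you are analysing before trusting output from a live sample.

```python
"""Chaskey-16 in CTR mode as Donut uses it, re-implemented in Python for this
page (not the Donut project's code). Key, counter and plaintext below are
constructed; real values come from a sample's DONUT_INSTANCE header."""
import struct

MASK32 = 0xFFFFFFFF

def rotl32(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK32

def chaskey_block(key, block, rounds=16):
    """Donut's block function: XOR the 128-bit key into the block, run the
    Chaskey permutation for `rounds` rounds, XOR the key in again. Rotation
    amounts follow the C source (ROTR by 27/24/16/19/25/16, i.e. ROTL by
    5/8/16/13/7/16), as recalled by the editor."""
    k = struct.unpack("<4I", key)
    w = [b ^ kk for b, kk in zip(struct.unpack("<4I", block), k)]
    for _ in range(rounds):
        w[0] = (w[0] + w[1]) & MASK32
        w[1] = rotl32(w[1], 5) ^ w[0]
        w[2] = (w[2] + w[3]) & MASK32
        w[3] = rotl32(w[3], 8) ^ w[2]
        w[2] = (w[2] + w[1]) & MASK32
        w[0] = (rotl32(w[0], 16) + w[3]) & MASK32
        w[3] = rotl32(w[3], 13) ^ w[0]
        w[1] = rotl32(w[1], 7) ^ w[2]
        w[2] = rotl32(w[2], 16)
    return struct.pack("<4I", *(x ^ kk for x, kk in zip(w, k)))

def donut_crypt(key, counter, data):
    """CTR loop: keystream block i = chaskey_block(key, counter + i), with the
    16-byte counter treated as a big-endian integer (Donut bumps the last
    byte first and carries leftwards, wrapping at 2**128). XOR is symmetric,
    so the same call both encrypts and decrypts."""
    if len(key) != 16 or len(counter) != 16:
        raise ValueError("Donut uses a 16-byte key and a 16-byte counter")
    ctr = int.from_bytes(counter, "big")
    out = bytearray()
    for off in range(0, len(data), 16):
        ks = chaskey_block(key, (ctr & ((1 << 128) - 1)).to_bytes(16, "big"))
        out += bytes(p ^ s for p, s in zip(data[off:off + 16], ks))
        ctr += 1
    return bytes(out)

# Constructed placeholders so the block runs stand-alone; not from any sample.
DEMO_KEY = bytes(range(16))
DEMO_CTR = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
DEMO_MODULE = b"MZ\x90\x00" + b"\x00" * 28 + b"DONUT MODULE PLACEHOLDER" + b"\x00" * 9

def roundtrip(module=DEMO_MODULE, key=DEMO_KEY, counter=DEMO_CTR):
    """Encrypt then decrypt; returns (ciphertext, recovered) so the caller can
    confirm the recovered bytes equal the input."""
    ct = donut_crypt(key, counter, module)
    return ct, donut_crypt(key, counter, ct)

if __name__ == "__main__":
    ct, pt = roundtrip()
    print("ciphertext:", ct[:16].hex(), "... recovered OK:", pt == DEMO_MODULE)
```

With a real sample, run donut_crypt over the encrypted region of the instance using the key and counter stored ahead of it; the decrypted instance carries the separate key used for the embedded module, which is decrypted the same way. Confirm the field offsets against the donut.h of the version that produced the sample rather than assuming them.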
Stealth
11 techniques
The dropped PE is not AgentTesla itself but a DonutLoader shellcode packer. DonutLoader unpacks and executes the AgentTesla binary entirely in memory, leaving no additional artifacts on disk beyond the initial dropper.
Attackers set up a convincing lookalike website to distribute a dangerous installer... The fake site, hosted at claude-pro[.]com, closely mirrors the look and feel of the real Claude website, using similar fonts and color schemes.
The program decodes these items at runtime via a simple single-byte mathematical conversion.
After dropping the PE payload to C:\Users\Public\Libraries\ , the dropper does not execute it directly. Instead, it invokes Scriptrunner.exe -appvscript <payload_path> , abusing the legitimate Microsoft App-V Scriptrunner binary as a Living-off-the-Land Binary (LOLBin).
The loader leverages a specialized position-independent execution stub known as DonutLoader shellcode.
Command and Control
3 techniques
Continuation of the ATT&CK mapping quoted under Privilege Escalation (its execution, evasion, token-manipulation, discovery and injection rows are the same):
| Tactic | Technique | ID | Application |
|---|---|---|---|
| Collection | Screen Capture | T1113 | GDI BitBlt screenshot |
| Credential Access | Credentials from Web Browsers | T1555.003 | Chrome/Edge/Brave/Opera/Vivaldi credential theft |
| Credential Access | Steal Web Session Cookie | T1539 | Cookie file theft from Chromium browsers |
| Credential Access | Credentials in Files | T1552.001 | OpenVPN auth.txt, crypto wallet files |
| Command and Control | Web Protocols | T1071.001 | HTTP C2 for payload delivery and exfiltration |
| Command and Control | Ingress Tool Transfer | T1105 | BitsAdmin/PowerShell downloading payloads |
IOCs tracked for this family
50 indicators attributed across vendor reports, sandbox runs, and researcher write-ups, covering network infrastructure (IPs, domains, DNS), file hashes (MD5, SHA-1, SHA-256) and other indicator types. The high-confidence values are those listed in the summary above.
Recent activity
14 sources tracked across advisories, community write-ups, and news. How each describes DonutLoader:
A position-independent in-memory loader/shellcode used to launch the final payload directly in memory, shifting execution away from managed .NET toward a more portable, runtime-independent payload delivery model.
An open-source in-memory loader used in this campaign to deploy the Beagle backdoor entirely in memory, helping evade disk-based detection.
A first-stage shellcode loader hidden in an encrypted data file and executed in memory via DLL sideloading. It decrypts and delivers the final Beagle backdoor payload.
A shellcode loader extracted from a PNG image by a malicious msbuild.exe payload to load additional malware, including a trojan and an AdaptixC2-associated beacon.