Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Threats Trojan Win64

Trojan.Win64.Donut.xab

Update Date
11/07/2023

Class: Trojan

A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).

Read more

Platform: Win64

Win64 is a platform on Windows-based operating systems for execution of 32-/64-bit applications. Win64 programs cannot be launched on 32-bit versions of Windows.

Family: Virus.Win32.Donut

No family description

Examples

488E0A6FEE64207CAD2237097B80985C
06AC369AB63D0026F6ED6F18C1FAE8BB
D329D0B828DAC4FC144ECCA6AC518B9E
B6F996959B1B74CC18690BB29F6B8C47
8AE95B54EEBF0A658607C4A149362581

Tactics and Techniques: Mitre*

TA0004
Privilege Escalation

Adversaries may inject malicious code into processes via the asynchronous procedure call (APC) queue in order to evade process-based defenses as well as possibly elevate privileges. APC injection is a method of executing arbitrary code in the address space of a separate live process.


T1055.004
Asynchronous Procedure Call

Adversaries may inject malicious code into processes via the asynchronous procedure call (APC) queue in order to evade process-based defenses as well as possibly elevate privileges. APC injection is a method of executing arbitrary code in the address space of a separate live process.


TA0005
Defense Evasion

Adversaries may inject malicious code into processes via the asynchronous procedure call (APC) queue in order to evade process-based defenses as well as possibly elevate privileges. APC injection is a method of executing arbitrary code in the address space of a separate live process.


T1055.004
Asynchronous Procedure Call

Adversaries may inject malicious code into processes via the asynchronous procedure call (APC) queue in order to evade process-based defenses as well as possibly elevate privileges. APC injection is a method of executing arbitrary code in the address space of a separate live process.


T1055.012
Process Hollowing

Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses. Process hollowing is a method of executing arbitrary code in the address space of a separate live process.


* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
25 September 2025
Securelist
Massive npm infection: the Shai-Hulud worm and patient zero
19 September 2025
Securelist
Threat landscape for industrial automation systems in Q2 2025
16 September 2025
Securelist
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
15 September 2025
Securelist
Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers
10 September 2025
Securelist
Notes of cyber inspector: three clusters of threat in cyberspace
05 September 2025
Securelist
IT threat evolution in Q2 2025. Mobile statistics
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Threat
Confirm changes?
Your message has been sent successfully.