hijackloader

General

Target

2vihq6
Size

15KB
Sample

240630-e7fwjsxdkq
MD5

cf4ebcb07b804d32081242280bc2ea52
SHA1

627fcdaf9337c42ccdaa2438d26adec6c03ed5b5
SHA256

bb1d7905d63720d82fe67301658d4d75f3e616dd321f8358bc6605cb3a2435f7
SHA512

23edc7e685cd04ac2ffd2c555a7a68dc19172077337c3caaae8a5c529fa6033233655cf5e525bdff12a6e2c71b03cbbfaf134702ba896cf3a30967f5ca0cf45c
SSDEEP

192:PNxyShvK9moqTJkNrv23Wk57aa/R2EwtXoGTTeki+8NvGQHrzlybPN:yShi9boJkNzq7aQVwbTTed4QH3YN

Score

10^/10

Malware Config

Targets

- Target
  
  2vihq6
- Size
  
  15KB
- MD5
  
  cf4ebcb07b804d32081242280bc2ea52
- SHA1
  
  627fcdaf9337c42ccdaa2438d26adec6c03ed5b5
- SHA256
  
  bb1d7905d63720d82fe67301658d4d75f3e616dd321f8358bc6605cb3a2435f7
- SHA512
  
  23edc7e685cd04ac2ffd2c555a7a68dc19172077337c3caaae8a5c529fa6033233655cf5e525bdff12a6e2c71b03cbbfaf134702ba896cf3a30967f5ca0cf45c
- SSDEEP
  
  192:PNxyShvK9moqTJkNrv23Wk57aa/R2EwtXoGTTeki+8NvGQHrzlybPN:yShi9boJkNzq7aQVwbTTed4QH3YN
Score

10^/10

hijackloader discovery loader persistence privilege_escalation spyware stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1