hijackloader | 9e4130379c0d965fd6ef2fba7e400258c84d063b9b73508b54e954d9a9fedea7 | Triage

Submit
Reports

Overview

overview

Static

static

LisectAVT_...06.exe

windows7-x64

LisectAVT_...06.exe

windows10-2004-x64

Sharing

General

Target

LisectAVT_2403002A_206.exe
Size

2.3MB
Sample

240724-3v7qhavcqp
MD5

e585f3a248e9df2acd69bd1ccab87933
SHA1

63d8b10e143b1189cbd39a97866ada23ed0515e7
SHA256

9e4130379c0d965fd6ef2fba7e400258c84d063b9b73508b54e954d9a9fedea7
SHA512

c8dd113c0981f999fc23a63eadd2f8b3f3921b6a565479f2a2f1600d2fb7495a8288303d8eb6e7e3b28c4687242f8856a37c39a9da90accde8a1e4d018e244ee
SSDEEP

49152:KJfe3owTB0iX39aF7VnwFmvS/5pvXTOyPC3j5gMYKuQ7CzS3vv3jirr3jjWiTaOw:KNe3owTB0iX3gFtwFmvS/3PTNaTbuVz7

Score

10^/10

hijackloader discovery evasion loader

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

LisectAVT_2403002A_206.exe

Resource

win7-20240705-en

hijackloader discovery evasion loader

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

LisectAVT_2403002A_206.exe

Resource

win10v2004-20240709-en

hijackloader discovery evasion loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  LisectAVT_2403002A_206.exe
- Size
  
  2.3MB
- MD5
  
  e585f3a248e9df2acd69bd1ccab87933
- SHA1
  
  63d8b10e143b1189cbd39a97866ada23ed0515e7
- SHA256
  
  9e4130379c0d965fd6ef2fba7e400258c84d063b9b73508b54e954d9a9fedea7
- SHA512
  
  c8dd113c0981f999fc23a63eadd2f8b3f3921b6a565479f2a2f1600d2fb7495a8288303d8eb6e7e3b28c4687242f8856a37c39a9da90accde8a1e4d018e244ee
- SSDEEP
  
  49152:KJfe3owTB0iX39aF7VnwFmvS/5pvXTOyPC3j5gMYKuQ7CzS3vv3jirr3jjWiTaOw:KNe3owTB0iX3gFtwFmvS/3PTNaTbuVz7
Score

10^/10

hijackloader discovery evasion loader
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hijackloaderdiscoveryevasionloader

behavioral2

hijackloaderdiscoveryevasionloader

© 2018-2024

Terms | Privacy