hijackloader

General

Target

b93f7881155103cb85a167145bbe594b.bin.exe
Size

7.4MB
Sample

240804-jlyxfsvaqb
MD5

4bbc93cc56bf15816d8ce4ddc23a6a17
SHA1

d9f560d25157fc978c7b5c0f216c21958687a7d5
SHA256

7716fc431a6486354a6f450cdd275e05c63ae8bb7614cf8ad4509e1c67427a95
SHA512

46d359082e10b7c4b5b012678b99c8bb618b5190713aa9c7c972cef4bdec8a922bb3a30c4ef77b2d7b603e0c27cb64dd4312736c9c4830faa23a059e626a7152
SSDEEP

98304:diMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJbzEwqWfm1Rqvn:Yi68xQ+zLJOZwjgZ7CfaRSn

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

C2

https://109.120.185.28:443/e0bd9c1f4515facb49/gj28n35o.2n73x

Targets

- Target
  
  b93f7881155103cb85a167145bbe594b.bin.exe
- Size
  
  7.4MB
- MD5
  
  4bbc93cc56bf15816d8ce4ddc23a6a17
- SHA1
  
  d9f560d25157fc978c7b5c0f216c21958687a7d5
- SHA256
  
  7716fc431a6486354a6f450cdd275e05c63ae8bb7614cf8ad4509e1c67427a95
- SHA512
  
  46d359082e10b7c4b5b012678b99c8bb618b5190713aa9c7c972cef4bdec8a922bb3a30c4ef77b2d7b603e0c27cb64dd4312736c9c4830faa23a059e626a7152
- SSDEEP
  
  98304:diMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJbzEwqWfm1Rqvn:Yi68xQ+zLJOZwjgZ7CfaRSn
Score

10^/10

hijackloader rhadamanthys discovery loader stealer
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Hijackloader family
  hijackloader
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects HijackLoader (aka IDAT Loader)

Hijackloader family

Rhadamanthys

Rhadamanthys family

Suspicious use of NtCreateUserProcessOtherParentProcess

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2