hijackloader | bfd58f9f8557a8f8e8ddf4fad14a8588d1a529647c5aa170c0ed1bcf065fc287 | Triage

Submit
Reports

Overview

overview

Static

static

3

Rechnung01...82.pdf

windows7-x64

3

Rechnung01...82.pdf

windows10-2004-x64

Sharing

General

Target

Rechnung0192839182.pdf
Size

88KB
Sample

241010-gp7mnayhlf
MD5

b42da2c97afc62d51147fb36e96a648e
SHA1

ad631d0c4bef6b941bd61ff2860629e654a6c394
SHA256

bfd58f9f8557a8f8e8ddf4fad14a8588d1a529647c5aa170c0ed1bcf065fc287
SHA512

228db4bb8a54a80a19ac47744acb2bc70125bf73f5974b6cf45644544a1af1864a79a0648676904fd859956892c538e8d65d008cca3a8d9c58d6faa0a760a3fb
SSDEEP

1536:oFdBt4uc0o9uqdh+XICvr/HZ9QDUIWEtZgowq8sAsz+2Vb:cfnokwoIar/Htc+sAsz/b

Score

10^/10

hijackloader discovery link loader pdf

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Rechnung0192839182.pdf

Resource

win7-20240903-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Rechnung0192839182.pdf

Resource

win10v2004-20241007-en

hijackloader discovery loader

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  Rechnung0192839182.pdf
- Size
  
  88KB
- MD5
  
  b42da2c97afc62d51147fb36e96a648e
- SHA1
  
  ad631d0c4bef6b941bd61ff2860629e654a6c394
- SHA256
  
  bfd58f9f8557a8f8e8ddf4fad14a8588d1a529647c5aa170c0ed1bcf065fc287
- SHA512
  
  228db4bb8a54a80a19ac47744acb2bc70125bf73f5974b6cf45644544a1af1864a79a0648676904fd859956892c538e8d65d008cca3a8d9c58d6faa0a760a3fb
- SSDEEP
  
  1536:oFdBt4uc0o9uqdh+XICvr/HZ9QDUIWEtZgowq8sAsz+2Vb:cfnokwoIar/Htc+sAsz/b
Score

10^/10

discovery hijackloader loader
- Detects HijackLoader (aka IDAT Loader)
- HijackLoader
  HijackLoader is a multistage loader first seen in 2023.
  loader hijackloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

hijackloaderdiscoveryloader

© 2018-2024

Terms | Privacy