HijackLoader Updates
May 7, 2024, 8:48 a.m.
Description
HijackLoader, also known as IDAT Loader, is a modular malware loader that can stage and execute multiple payloads. It relies on a set of modules for code injection, execution and evasion. This report analyses an updated version of HijackLoader that adds modules for bypassing Windows Defender Antivirus, bypassing User Account Control, evading inline API hooking, and performing process hollowing. It also covers the technical details of the delivery chain, in which the next stage is embedded in a PNG image and loaded from it, and the malware families HijackLoader has been observed distributing, including Amadey, Lumma Stealer, Racoon Stealer v2 and Remcos RAT.
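The description above says the next stage is carried inside a PNG image. The script below is an added triage example (not code from the report or from HijackLoader) showing one generic way to check a suspect PNG for that pattern: walk the chunk structure, verify chunk CRCs, test whether the concatenated IDAT data is a genuine zlib image stream, and carve anything that follows the stream's end marker. The samples are constructed inline, the "MZ" marker search and the one-byte XOR key recovery are illustrative assumptions, and nothing here describes HijackLoader's actual encoding scheme.

```python
"""Triage helper: walk PNG chunks, check whether the IDAT stream is a genuine
zlib image stream, and carve any bytes that follow it."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one chunk: length, type, body, CRC-32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def parse_png_chunks(data: bytes) -> list:
    """Return [(type, body, crc_ok), ...] for every chunk up to IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad 8-byte signature")
    chunks, pos = [], len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk %r" % ctype)
        crc_ok = struct.unpack(">I", crc)[0] == (zlib.crc32(ctype + body) & 0xFFFFFFFF)
        chunks.append((ctype.decode("ascii"), body, crc_ok))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return chunks


def triage_png(data: bytes) -> dict:
    """Classify the concatenated IDAT stream.
    'ok'            -> valid zlib stream with nothing after it
    'trailing_data' -> valid zlib stream followed by extra bytes (carved into 'extra')
    'not_zlib'      -> IDAT does not start a zlib stream at all (whole IDAT carved)
    'truncated'     -> zlib stream that never reaches its end marker
    """
    chunks = parse_png_chunks(data)
    idat = b"".join(body for ctype, body, _ in chunks if ctype == "IDAT")
    result = {
        "chunk_types": [c[0] for c in chunks],
        "all_crc_ok": all(c[2] for c in chunks),
        "idat_bytes": len(idat),
        "extra": b"",
    }
    d = zlib.decompressobj()
    try:
        d.decompress(idat)
    except zlib.error:
        result["verdict"] = "not_zlib"
        result["extra"] = idat
        return result
    if not d.eof:
        result["verdict"] = "truncated"
    elif d.unused_data:
        # bytes past the zlib end-of-stream are not image data
        result["verdict"] = "trailing_data"
        result["extra"] = d.unused_data
    else:
        result["verdict"] = "ok"
    return result


def xor_single_byte_candidates(blob: bytes, marker: bytes = b"MZ") -> list:
    """Brute-force a one-byte XOR key that makes `blob` start with `marker`.
    One-byte XOR is an illustrative assumption, not HijackLoader's real scheme."""
    return [k for k in range(256)
            if bytes(b ^ k for b in blob[:len(marker)]) == marker]


# --- constructed samples (not real HijackLoader artefacts) ---
IHDR_1x1_GRAY = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
SCANLINE = b"\x00\x7f"                      # filter byte 0 + one grey pixel
IMAGE_STREAM = zlib.compress(SCANLINE)

BENIGN_PNG = (PNG_SIGNATURE + png_chunk(b"IHDR", IHDR_1x1_GRAY)
              + png_chunk(b"IDAT", IMAGE_STREAM) + png_chunk(b"IEND", b""))

FAKE_PAYLOAD = b"MZ" + b"\x90" * 14         # stand-in for an embedded PE stage
XOR_KEY = 0x5A                              # assumed key for the constructed sample
HIDDEN = bytes(b ^ XOR_KEY for b in FAKE_PAYLOAD)

# genuine image stream first, hidden payload appended inside the same IDAT chunk
SMUGGLING_PNG = (PNG_SIGNATURE + png_chunk(b"IHDR", IHDR_1x1_GRAY)
                 + png_chunk(b"IDAT", IMAGE_STREAM + HIDDEN) + png_chunk(b"IEND", b""))

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_PNG), ("smuggling", SMUGGLING_PNG)):
        r = triage_png(sample)
        print(name, r["verdict"], r["idat_bytes"], "crc_ok=%s" % r["all_crc_ok"],
              "xor_keys=%s" % xor_single_byte_candidates(r["extra"]))
```

A verdict of `trailing_data` or `not_zlib` is a strong hint that the image is a carrier rather than a picture; the carved `extra` bytes are what you would hand to a decoder or a sandbox next. Note that a loader may also hide data in ancillary chunks or in the decompressed pixel data itself, which this check does not cover.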
Tags
Date
- Created: May 7, 2024, 8:36 a.m.
- Published: May 7, 2024, 8:36 a.m.
- Modified: May 7, 2024, 8:48 a.m.
Indicators
- discussiowardder.website
- fcadcee5388fa2e6d4061c7621bf268cb3d156cb879314fa2f518d15f5fa2aa2
- f37b158b3b3c6ef9f6fe08d0056915fc7e5a220d1dabb6a2b62364ae54dca0f1
- e0a4f1c878f20e70143b358ddaa28242bac56be709b5702f3ad656341c54fb76
- d95e82392d720911f7eb5d8856b8ccd2427e51645975cdf8081560c2f6967ffb
- cf42af2bdcec387df84ba7f8467bbcdad9719df2c524b6c9b7fffa55cfdc8844
- c215c0838b1f8081a11ff3050d12fcfe67f14442ed2e18398f0c26c47931df44
- 9b15cb2782f953090caf76efe974c4ef8a5f28df3dbb3eff135d44306d80c29c
- 7a8db5d75ca30164236d2474a4719046a7814a4411cf703ffb702bf6319939d7
- 56fd2541a36680249ec670d07a5682d2ef5a343d1feccbcf2c3da86bd546af85
- 1fbf01b3cb97fda61a065891f03dca7ed9187a4c1d0e8c5f24ef0001884a54da
Attack Patterns
- Meta Stealer
- Racoon Stealer v2
- Amadey - S1025
- Lumma Stealer
- Remcos
- Rhadamanthys
- T1548.001
- T1547.001
- T1562.001
- T1057
- T1055
- T1140