New HijackLoader Evasion Tactics
April 1, 2025, 10:27 a.m.
Description
HijackLoader, a malware loader discovered in 2023, has evolved with new modules and evasion tactics. Recent updates include call stack spoofing to mask function call origins, virtual machine detection to identify analysis environments, and persistence establishment via scheduled tasks. The loader now implements anti-VM checks, mutex creation, custom injection paths, and additional modules for various functions. Notable changes include the addition of new blocklisted processes and modifications to module decryption methods. HijackLoader's modular nature and continuous updates suggest ongoing efforts to enhance its anti-detection capabilities and complicate analysis.
Date
- Created: March 31, 2025, 7:05 p.m.
- Published: March 31, 2025, 7:05 p.m.
- Modified: April 1, 2025, 10:27 a.m.