Manual Static Analysis (LLM-read) — HijackLoader (IDAT Loader) | Threat: HIGH

File Identity

SHA256: c68ede9934529477f86d11b76c0a1c26bce2f5b0c76e13f5a3cdb37bb4e9e7d5
Size: 11,912,164 bytes (11 MB)
Platform: .NET (encrypted payload)
String count: 2,995

Encryption Trace

Obfuscated string: S8bTcdJqZ2By776AxDR
CreateEncryptor / CreateDecryptor -- .NET AES cipher

About HijackLoader (IDAT Loader)

HijackLoader (also known as IDAT Loader) is a modular loader family first identified in 2023. It carries an encrypted payload inside a PNG IDAT chunk and runs on the .NET runtime. It combines DLL hijacking with process hollowing. It loads stealers such as RedLine, Raccoon, Lumma, and LaplasClipper. The encrypted payload embedded in the IDAT PNG is only decrypted at runtime, so static string analysis does not reveal a C2 address.

IOC

SHA256: c68ede9934529477f86d11b76c0a1c26bce2f5b0c76e13f5a3cdb37bb4e9e7d5
Encryption: AES (S8bTcdJqZ2By776AxDR string trace)
Method: IDAT PNG payload + DLL hijacking

HijackLoader — Malware Profile

HijackLoader (IDAT Loader), 2023. MSI package concealment. NtQueryInformationProcess anti-debug. OLU 1.2.35.3 build.

Malware Type
Loader
Programming Language
C
C2 Protocol
HTTP
Target Systems
Windows
Also Known As (AKA)
IDAT Loader

Technical Details

Depending on the variant: C/C#/VBS/PS1; anti-analysis (VM/debugger checks); persistence (Registry/Task Scheduler/Startup folder); payload decryption and injection (shellcode/PE); fileless execution techniques.

Capabilities & Behavior

Payload Download
Process Injection
Modular Architecture
Credential Theft
Lateral Movement
Persistence
Anti-VM/Sandbox
Secondary Payload Delivery

IOC List (1 indicator)

IOC — HijackLoader

Type    Value                                                               Note
sha256  c68ede9934529477f86d11b76c0a1c26bce2f5b0c76e13f5a3cdb37bb4e9e7d5    (none)

Tags
hijackloader, idat-loader, net, aes, loader, second-stage