File Identity
| Field | Value |
|---|---|
| SHA256 | c68ede9934529477f86d11b76c0a1c26bce2f5b0c76e13f5a3cdb37bb4e9e7d5 |
| Size | 11,912,164 bytes (11 MB) |
| Platform | .NET (encrypted payload) |
| String Count | 2,995 |
Encryption Trace
Obfuscated string: S8bTcdJqZ2By776AxDR; CreateEncryptor / CreateDecryptor -- .NET AES cipher
About HijackLoader (IDAT Loader)
HijackLoader (also known as IDAT Loader) is a modular loader family first identified in 2023. It carries an encrypted payload inside the PNG/IDAT chunk and runs on the .NET Runtime. It combines DLL hijacking with process hollowing, and it loads stealers such as RedLine, Raccoon, Lumma and LaplasClipper. The encrypted IDAT PNG payload is decrypted only at runtime, so no C2 can be found by static string analysis.
IOC
| Field | Value |
|---|---|
| SHA256 | c68ede9934529477f86d11b76c0a1c26bce2f5b0c76e13f5a3cdb37bb4e9e7d5 |
| Encryption | AES (S8bTcdJqZ2By776AxDR string trace) |
| Method | IDAT PNG payload + DLL hijacking |
Hijackloader — Malware Profile
HijackLoader, IDAT Loader, 2023. MSI package concealment. NtQueryInformationProcess anti-debug. OLU 1.2.35.3 build.
Technical Details
Depending on the variant: C/C#/VBS/PS1, anti-analysis (VM/debugger checks), persistence (Registry/Task Scheduler/Startup folder), payload decryption and injection (shellcode/PE), fileless execution techniques
Capabilities & Behavior
IOC List (1 indicator)
| Type | Value | Note |
|---|---|---|
| sha256 | c68ede9934529477f86d11b76c0a1c26bce2f5b0c76e13f5a3cdb37bb4e9e7d5 | |