Hijackloader

Malware updated 25 days ago (2024-08-14T09:45:13.181Z)
HijackLoader is a rapidly growing malware family in the cybercrime community, designed to compromise and damage computer systems. It operates as a modular, multi-stage loader with a strong focus on evading detection, which makes it a potent threat. The malware reaches systems through suspicious downloads, emails, or websites and, once inside, can steal personal information, disrupt operations, or hold data hostage for ransom.

The malware's operation involves a series of stages, starting with an executable file, Setup.exe. When executed, this file loads and runs the HijackLoader first stage inside madBasic_.bpl via DLL search-order hijacking. The HijackLoader configuration file, named maidenhair.cfg, contains the data the loader uses to execute the final RemCos payload. This payload subsequently contacts the command-and-control (C2) server at 213.5.130[.]58[:]433. HijackLoader is often contained within ZIP archives which, when executed, load the RemCos malware.

The malware has also been observed in activity targeting Ukrainian entities and in Finland (RemCos RAT), indicating its global reach. Advertised under the guise of a private crypting service, ASMCrypt, HijackLoader poses a significant threat to digital security due to its stealthy nature and multi-stage loading process.
Description last updated: 2024-08-14T08:51:22.962Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Asmcrypt | 2 | ASMCrypt is a novel malware crypter and loader that was first detailed in October 2023. It is an evolution of the DoubleFinger malware loader, which was previously used to deploy the GreetingGhoul cryptocurrency stealer. ASMCrypt was developed by cybercriminals with the aim of loading the final payl
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Loader
Payload
Malware Loader
Remcos
Cybercrime
Analyst Notes & Discussion
Associated Malware
ID | Type | Votes | Profile Description
Systembc | Unspecified | 2 | SystemBC is a type of malware, or malicious software, that has been heavily utilized in cyber-attacks and data breaches. Throughout 2023, it was frequently used in conjunction with other malware like Quicksand and BlackBasta by cybercriminals to exploit vulnerabilities in computer systems. Play rans
Redline Stealer | Unspecified | 2 | RedLine Stealer is a malicious software (malware) that infiltrates computer systems and devices, often unbeknownst to users. The malware can infect systems through suspicious downloads, emails, or websites, causing significant damage by stealing personal information, disrupting operations, or even h
Source Document References
Information about the Hijackloader malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
Securelist | 20 days ago | An overview of the BlindEagle APT's activity in Latin America
Securelist | 23 days ago | Tusk campaign uses infostealers and clippers for financial gain
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
DARKReading | a month ago | CrowdStrike 'Updates' Deliver Malware & More as Attacks Snowball
CrowdStrike | a month ago | Likely eCrime Actor Capitalizing on Falcon Sensor Issues | CrowdStrike
InfoSecurity-magazine | 2 months ago | Cybercriminals Exploit CrowdStrike Outage Chaos
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity | 5 months ago | Report: Russian Hackers Targeting Ukrainian Soldiers on Apps
Securityaffairs | 5 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini