Threat Advisory

New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World

Threat: Malware
Criticality: High

Summary:

Cybercriminals have recently unleashed a new malware loader known as HijackLoader, serving as a conduit for various malicious payloads such as DanaBot, SystemBC, and RedLine Stealer. Despite its seemingly unremarkable feature set, this loader stands out due to its modular architecture, enabling it to employ a diverse array of modules for code injection and execution, a capability uncommon among most loaders. Initially discovered in July 2023, HijackLoader employs an assortment of evasive techniques to avoid detection, including delaying code execution, monitoring processes related to security software, and leveraging syscalls to slip past security solutions. The exact initial access vector remains unidentified, but this loader's resilience lies in its anti-analysis features and the inclusion of a significant instrumentation module facilitating flexible code injection and execution through embedded modules.

HijackLoader's modular design grants it the ability to execute a variety of evasion tactics, making it a versatile tool for delivering malicious payloads. However, it is important to note that the code quality of this loader is subpar, and it lacks advanced functionalities. Despite these shortcomings, its increasing prevalence in cybercrime suggests potential future updates and expanded adoption by threat actors. Notably, it may attempt to fill the void left by the now-defunct Emotet and Qakbot malware, making it a noteworthy development in the evolving landscape of cyber threats.

HijackLoader has emerged as a modular malware loader with evasion capabilities that offer a range of options for delivering malicious payloads. While it may lack sophistication and exhibit poor code quality, its adaptability and persistent presence in the threat landscape indicate its potential for further evolution and increased utilization by cybercriminals. As organizations bolster their defenses against such threats, the cybersecurity community should remain vigilant, anticipating ongoing developments in malware like HijackLoader.

Threat Profile:

References:

The following reports contain further technical details:

https://thehackernews.com/2023/09/new-hijackloader-modular-malware-loader.html
