HackTool - HollowReaper Execution (85d23b42-9a9d-4f8f-b3d7-d2733c1d58f5)

Detects usage of HollowReaper, a shellcode launcher that uses process hollowing for stealthy payload execution. It replaces the memory of a legitimate process with custom shellcode, allowing the attacker to execute payloads under the guise of trusted binaries.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| HackTool - HollowReaper Execution (85d23b42-9a9d-4f8f-b3d7-d2733c1d58f5) | Sigma-Rules | Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) | Attack Pattern | 1 |
| Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) | Attack Pattern | Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | 2 |