Technical Analysis of TransferLoader

May 21, 2025, 8:28 p.m.

Description

TransferLoader is a newly identified malware loader active since February 2025. It comprises multiple components, including a downloader, a backdoor, and a specialized loader. The malware employs various anti-analysis techniques and code obfuscation to hinder reverse engineering. TransferLoader has been observed delivering Morpheus ransomware. Its backdoor module enables execution of arbitrary commands on compromised systems and uses the InterPlanetary File System (IPFS) as a fallback for C2 server updates. The malware uses both HTTPS and raw TCP communication methods, with a unique encryption process for network packets. TransferLoader's consistent use in deploying additional payloads suggests it will continue to be a threat in future attacks.

Date

  • Created: May 15, 2025, 1:56 a.m.
  • Published: May 15, 2025, 1:56 a.m.
  • Modified: May 21, 2025, 8:28 p.m.

Indicators


Attack Patterns

Additional Information

  • Legal
  • United States of America