The Evolution of a Cyber Threat: From JinxLoader to Astolfo Loader

Nov. 26, 2024, 10:02 p.m.

Description

JinxLoader, a Go-based malware loader distributed via phishing emails, has evolved into Astolfo Loader. Originally sold on Hack Forums, JinxLoader was designed to deploy additional malware on Windows and Linux systems. It is offered as Malware-as-a-Service, which puts sophisticated tooling within reach of a broader range of cybercriminals. Astolfo Loader, a rebranded version rewritten in C++, offers improved performance and a smaller file size. Both loaders employ anti-analysis techniques and geolocation checks before connecting to their command-and-control servers. This evolution illustrates how quickly malware variants spread and adapt within the cybercriminal ecosystem.

Date

  • Created: Nov. 26, 2024, 9:34 p.m.
  • Published: Nov. 26, 2024, 9:34 p.m.
  • Modified: Nov. 26, 2024, 10:02 p.m.

Indicators

  • cybercrime_AstlofloLoader
  • f51f984211d289d1d611952855749a5fefea4bebec377073182bde8ce12af2a8
  • 1b936178c97f935fd669773f5d627359bff2e45b3317422c314d1447696cabbe
  • http://154.216.17.65/
  • http://serverdops.ddns.net:6171
  • http://xscapezo.capetown:6171

Attack Patterns

  • Astolfo Loader
  • Jinxloader
  • XLoader
  • Formbook
  • T1497.003
  • T1571
  • T1583.005
  • T1059.007
  • T1497
  • T1057
  • T1566.001
  • T1140