The Evolution of a Cyber Threat: From JinxLoader to Astolfo Loader
Nov. 26, 2024, 10:02 p.m.
Description
JinxLoader, a Go-based malware loader distributed via phishing emails, has evolved into Astolfo Loader. Originally sold on Hack Forums, JinxLoader was built to stage additional malware on Windows and Linux systems. It is operated as Malware-as-a-Service, which puts a capable loader in the hands of a much broader range of cybercriminals. Astolfo Loader, a rebranded rewrite in C++, offers better performance and a smaller file size than the Go original. Both loaders perform anti-analysis checks and a geolocation check before connecting to their command-and-control servers; the listed C2 URLs use the non-standard port 6171. This evolution illustrates how quickly malware variants spread and adapt within the cybercriminal ecosystem.
Date
Published: Nov. 26, 2024, 9:34 p.m.
Created: Nov. 26, 2024, 9:34 p.m.
Modified: Nov. 26, 2024, 10:02 p.m.
Indicators
cybercrime_AstlofloLoader
f51f984211d289d1d611952855749a5fefea4bebec377073182bde8ce12af2a8
1b936178c97f935fd669773f5d627359bff2e45b3317422c314d1447696cabbe
http://154.216.17.65/
http://serverdops.ddns.net:6171
http://xscapezo.capetown:6171
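The indicators above are the actionable part of this entry, so here is a small triage script that turns them into checks a SOC can run over its own telemetry. It is an added example, not code from the page or from any vendor: the SHA-256 hashes and URLs are copied from the Indicators section, while the proxy log lines and file-hash records it scans are constructed samples in an assumed format (timestamp, source IP, destination host, destination port, URL; and path plus SHA-256). URL indicators are split into host and port so they match logs that record the two fields separately, and a connection to port 6171 alone is flagged as a lower-confidence lead, since that non-standard port (T1571) is shared by two of the C2 URLs.

```python
import re
from urllib.parse import urlsplit

# SHA-256 indicators copied from the page's Indicators section.
IOC_SHA256 = {
    "f51f984211d289d1d611952855749a5fefea4bebec377073182bde8ce12af2a8",
    "1b936178c97f935fd669773f5d627359bff2e45b3317422c314d1447696cabbe",
}
# URL indicators copied from the page's Indicators section.
IOC_URLS = [
    "http://154.216.17.65/",
    "http://serverdops.ddns.net:6171",
    "http://xscapezo.capetown:6171",
]


def parse_url_iocs(urls):
    """Split URL indicators into (host, port) pairs so they can be matched
    against proxy/firewall logs that record host and port as separate fields.
    A URL without an explicit port gets the scheme's default."""
    pairs = set()
    for u in urls:
        parts = urlsplit(u)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        pairs.add((parts.hostname.lower(), port))
    return pairs


IOC_HOST_PORTS = parse_url_iocs(IOC_URLS)
IOC_HOSTS = {h for h, _ in IOC_HOST_PORTS}
# Non-standard C2 ports (T1571); 80/443 are too common to use as a lead on their own.
IOC_PORTS = {p for _, p in IOC_HOST_PORTS if p not in (80, 443)}

# Constructed sample proxy log (assumed format, not from the page):
# timestamp src_ip dst_host dst_port url
SAMPLE_PROXY_LOG = """\
2024-11-26T21:10:01Z 10.0.0.15 update.example.org 443 https://update.example.org/
2024-11-26T21:11:42Z 10.0.0.15 serverdops.ddns.net 6171 http://serverdops.ddns.net:6171/
2024-11-26T21:12:03Z 10.0.0.22 154.216.17.65 80 http://154.216.17.65/
2024-11-26T21:13:30Z 10.0.0.31 files.example.org 6171 http://files.example.org:6171/
"""

PROXY_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\S+)$")


def scan_proxy_log(text):
    """Return (line_no, reason, host) hits. An exact host match is high
    confidence; a bare hit on an IOC port to an unknown host is a
    lower-confidence lead worth pivoting on."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = PROXY_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        _, _, host, port, _ = m.groups()
        host, port = host.lower(), int(port)
        if (host, port) in IOC_HOST_PORTS or host in IOC_HOSTS:
            hits.append((n, "ioc_host", host))
        elif port in IOC_PORTS:
            hits.append((n, "ioc_port_only", host))
    return hits


# Constructed sample EDR file-hash records (assumed format, not from the page):
# path sha256
SAMPLE_HASHES = """\
C:\\Users\\a\\Downloads\\invoice.exe f51f984211d289d1d611952855749a5fefea4bebec377073182bde8ce12af2a8
C:\\Windows\\System32\\notepad.exe 0000000000000000000000000000000000000000000000000000000000000000
"""


def scan_hashes(text):
    """Return (line_no, reason, path) for every record whose SHA-256 is an IOC."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        path, _, digest = line.rpartition(" ")
        if digest.lower() in IOC_SHA256:
            hits.append((n, "ioc_sha256", path))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG) + scan_hashes(SAMPLE_HASHES):
        print(hit)
```

Running the block prints the two exact C2 host matches, the port-only lead on `files.example.org`, and the hash match on the constructed `invoice.exe` record; the `notepad.exe` record and the HTTPS line to `update.example.org` produce nothing. Host comparisons are lowercased because proxy logs and DNS names vary in case, and the port-only rule is kept separate from the host rule so it can be tuned or dropped without losing the high-confidence matches.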
Attack Patterns
Astolfo Loader
Jinxloader
XLoader
Formbook
T1497.003
T1571
T1583.005
T1059.007
T1497
T1057
T1566.001
T1140