Today > | 7 High | 23 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

The Evolution of a Cyber Threat: From JinxLoader to Astolfo Loader

Nov. 26, 2024, 10:02 p.m.

Description

JinxLoader, a Go-based malware loader distributed via phishing emails, has evolved into Astolfo Loader. Originally sold on Hack Forums, JinxLoader was designed to deploy additional malware on Windows and Linux systems. The malware operates as a Malware-as-a-Service, making sophisticated tools accessible to a broader range of cybercriminals. Astolfo Loader, a rebranded version written in C++, offers improved performance and smaller file size. Both loaders employ anti-analysis techniques and geolocation checks before connecting to command-and-control servers. This evolution demonstrates the rapid spread and adaptation of malware variants in the cybercriminal ecosystem.

Date

Published: Nov. 26, 2024, 9:34 p.m.

Created: Nov. 26, 2024, 9:34 p.m.

Modified: Nov. 26, 2024, 10:02 p.m.

Indicators

cybercrime_AstlofloLoader

f51f984211d289d1d611952855749a5fefea4bebec377073182bde8ce12af2a8

1b936178c97f935fd669773f5d627359bff2e45b3317422c314d1447696cabbe

http://154.216.17.65/

http://serverdops.ddns.net:6171

http://xscapezo.capetown:6171

Attack Patterns

Astolfo Loader

Jinxloader

XLoader

Formbook

T1497.003

T1571

T1583.005

T1059.007

T1497

T1057

T1566.001

T1140