Technical Analysis of TransferLoader
AlienVault pulse, TLP: WHITE, created 2025-05-15, modified 2025-05-15, 7 IOCs
TransferLoader is a newly identified malware loader active since February 2025. It comprises multiple components, including a downloader, a backdoor, and a specialized loader. The malware employs various anti-analysis techniques and code obfuscation to hinder reverse engineering. TransferLoader has been observed delivering Morpheus ransomware. Its backdoor module enables execution of arbitrary commands on compromised systems and uses the InterPlanetary File System (IPFS) as a fallback channel for receiving C2 server updates. The malware uses both HTTPS and raw TCP for communication, with a unique encryption scheme for its network packets. TransferLoader's consistent use in deploying additional payloads suggests it will continue to be a threat in future attacks.
Indicators of Compromise (7)
Type            | Indicator                                                        | Description | Created
FileHash-SHA256 | 11d0b292ed6315c3bf47f5df4c7804edccbd0f6018777e530429cc7709ba6207 |             | 2025-05-15
FileHash-SHA256 | b55ba0f869f6408674ee9c5229f261e06ad1572c52eaa23f5a10389616d62efe |             | 2025-05-15
FileHash-SHA256 | b8f00bd6cb8f004641ebc562e570685787f1851ecb53cd918bc6d08a1caae750 |             | 2025-05-15
URL             | https://baza.com/loader.bin                                      |             | 2025-05-15
URL             | https://mainstomp.cloud/MDcMkjAxsLKsT                            |             | 2025-05-15
URL             | https://sharemoc.space/XdYUmFd2xX                                |             | 2025-05-15
URL             | https://temptransfer.live/SkwkUTIoFTrXYRMd                       |             | 2025-05-15