
Technical Analysis of TransferLoader

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

TransferLoader is a newly identified malware loader active since February 2025. It comprises multiple components including a downloader, backdoor, and specialized loader. The malware employs various anti-analysis techniques and code obfuscation to hinder reverse engineering. TransferLoader has been observed delivering Morpheus ransomware. Its backdoor module enables execution of arbitrary commands on compromised systems and uses the InterPlanetary File System (IPFS) as a fallback for C2 server updates. The malware utilizes both HTTPS and raw TCP communication methods, with a unique encryption process for network packets. TransferLoader's consistent use in deploying additional payloads suggests it will continue to be a threat in future attacks.

OPENCTI LABELS:

backdoor, ransomware, c2, downloader, obfuscation, anti-analysis, morpheus, transferloader, ipfs

