Newly emergent malware loader TransferLoader features several components that facilitate arbitrary command execution on targeted systems, with the loader having been leveraged to distribute the Morpheus ransomware in an attack against a U.S. law firm, reports GBHackers News.
Aside from featuring a downloader component that fetches additional malicious content decrypted with a hardcoded XOR key before execution, TransferLoader also contains a backdoor module that enables remote command execution and uses the decentralized InterPlanetary File System (IPFS) for command-and-control so that operations continue even amid server disruptions, a Zscaler ThreatLabz report found. TransferLoader also has a backdoor loader that harnesses COM hijacking to ensure persistence on compromised systems. Researchers also highlighted the extensive anti-analysis techniques employed by TransferLoader, including hash-based dynamic resolution of Windows API functions, runtime string decryption, and monitoring of the Process Environment Block's BeingDebugged field. TransferLoader also evades detection by altering block addresses for execution jumps and using SIMD registers in embedded payloads, said researchers.
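The downloader stage described above is reported to protect its fetched payload with a hardcoded XOR key. For an analyst who has captured such a blob, the first task is recovering the plaintext stage and confirming it is what it claims to be. The following helper is an added example written for this page, not code from the report or from the malware: it implements repeating-key XOR decryption, a plausibility check for a decrypted PE image, and recovery of an unknown key from a known plaintext prefix (the DOS header every PE begins with). The key, the key length and the sample "payload" are constructed values, not artifacts from the TransferLoader report.

```python
"""Analyst helpers for XOR-protected second-stage payloads (added example).

SAMPLE_KEY and SAMPLE_PLAIN are constructed for demonstration; they are not
values taken from any real sample.
"""
from itertools import cycle


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Apply a repeating-key XOR. The operation is its own inverse, so this
    both encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def looks_like_pe(data: bytes) -> bool:
    """Cheap plausibility check on a decrypted stage: a Windows PE image
    starts with an 'MZ' DOS header and is at least one header long."""
    return len(data) >= 0x40 and data[:2] == b"MZ"


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Recover a repeating key of length key_len from a known plaintext
    prefix (for a PE stage, the DOS header bytes). This only works when the
    known plaintext covers at least one full key period."""
    if len(known_plaintext) < key_len:
        raise ValueError("not enough known plaintext for this key length")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


def analyze_blob(blob: bytes, key: bytes) -> dict:
    """Decrypt a captured blob with a hardcoded key and report whether the
    result is a plausible PE, so the analyst knows the key was right."""
    plain = xor_crypt(blob, key)
    return {"is_pe": looks_like_pe(plain), "size": len(plain), "payload": plain}


# Constructed sample: a minimal DOS header padded to 0x40 bytes plus the
# familiar stub string, standing in for a real second-stage executable.
SAMPLE_PLAIN = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00".ljust(0x40, b"\x00")
    + b"This program cannot be run in DOS mode."
)
SAMPLE_KEY = b"\x13\x37\xc0\xde"  # constructed 4-byte key, not a real IoC
SAMPLE_BLOB = xor_crypt(SAMPLE_PLAIN, SAMPLE_KEY)  # what a capture would look like


if __name__ == "__main__":
    # With the hardcoded key in hand, decrypt and sanity-check the stage.
    result = analyze_blob(SAMPLE_BLOB, SAMPLE_KEY)
    print("decrypted stage is PE:", result["is_pe"], "size:", result["size"])

    # Without the key, derive it from the DOS header the stage must begin with.
    guessed = recover_key(SAMPLE_BLOB, b"MZ\x90\x00", key_len=4)
    print("recovered key:", guessed.hex(), "matches:", guessed == SAMPLE_KEY)
```

The known-plaintext recovery generalizes beyond the page's case: if the key length is unknown, an analyst tries increasing lengths until `looks_like_pe` passes on the decrypted output, which is exactly the check `analyze_blob` performs.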