MINT STEALER: Running by a BulletProof Hoster
Aug. 16, 2024, 2:21 p.m.
Description
This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting service called Cash Hosting run by a threat actor known as 'Artem.' The analysis covers the offensive services offered by Artem, such as Cash RAT, Cash Ransomware, and Amail Hosting, as well as the malware's code analysis, attack vectors, and indicators of compromise (IOCs).
Date
Published: Aug. 16, 2024, 1:53 p.m.
Created: Aug. 16, 2024, 1:53 p.m.
Modified: Aug. 16, 2024, 2:21 p.m.
Indicators
Attack Patterns
Cash RAT
Cash Ransomware
Mint Stealer
Artem
T1519
T1599
T1045
T1578
T1088
T1197
T1110
T1213
T1555
T1573
T1486
T1518
T1105
T1083
T1071
T1543
T1053
T1056
T1133
T1059
Additional Information
Finance
South Georgia and the South Sandwich Islands
Georgia
Palestine
Bulgaria
Netherlands
United States of America
Russian Federation