MINT STEALER: Running by a BulletProof Hoster

Aug. 16, 2024, 2:21 p.m.

Description

This article analyzes Mint Stealer, a Python-based information stealer that harvests sensitive data from infected machines. It covers the stealer's functionality and history and the infrastructure behind its operations, including its link to a bulletproof hosting service, Cash Hosting, run by a threat actor known as 'Artem'. It also describes the offensive services Artem offers (Cash RAT, Cash Ransomware and Amail Hosting), the malware's code, its attack vectors and the indicators of compromise (IOCs) listed below.

Date

  • Created: Aug. 16, 2024, 1:53 p.m.
  • Published: Aug. 16, 2024, 1:53 p.m.
  • Modified: Aug. 16, 2024, 2:21 p.m.

Indicators

  • 958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24
  • 8a76f4b2e67675ced5ce4b8e1085796b8d32cd76c6fe16e72d6ea975fbb32f87
  • 87fb26371ed0229ba3706a76b11520bfe751a443e6598fa39d2a382facfb67eb
  • 5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79
  • db47e673cccdbe2abb11cc07997aeabf4d2bdc9bec286674b58c6baafa09b823
  • 1064ab9e734628e74c580c5aba71e4660ee3ed68db71f6aa81e30f148a5080fa
  • 95.214.25.207
  • 94.142.141.150
  • 85.114.96.2
  • 77.91.77.81
  • 2.58.57.168
  • 185.216.70.231
  • 109.236.93.59
  • 94.156.79.162
  • dolores@bpe.cash
  • anticoco@bpe.cash
  • fileditch.com
  • artem.icu
  • amail.wtf
  • mint-c2.top
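The indicator list above mixes four types (SHA-256 file hashes, IPv4 addresses, e-mail addresses and domains), so it cannot be dropped into a single blocklist as-is. The following is an added example, not code from the original report or from the actors it describes: it classifies each indicator by type, builds a per-type index, and scans log lines for exact hits (plus subdomains of the listed domains, e.g. a host under mint-c2.top). The indicator values are copied from the list above; the log lines, hostnames and field names are constructed for illustration.

```python
"""Classify the report's indicators and match them against sample log lines.

Added example for this page. INDICATORS is copied from the list above;
SAMPLE_LOGS and its field names are constructed, not taken from the report.
"""
import ipaddress
import re
from collections import defaultdict

# Indicators exactly as listed in the report above.
INDICATORS = [
    "958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24",
    "8a76f4b2e67675ced5ce4b8e1085796b8d32cd76c6fe16e72d6ea975fbb32f87",
    "87fb26371ed0229ba3706a76b11520bfe751a443e6598fa39d2a382facfb67eb",
    "5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79",
    "db47e673cccdbe2abb11cc07997aeabf4d2bdc9bec286674b58c6baafa09b823",
    "1064ab9e734628e74c580c5aba71e4660ee3ed68db71f6aa81e30f148a5080fa",
    "95.214.25.207", "94.142.141.150", "85.114.96.2", "77.91.77.81",
    "2.58.57.168", "185.216.70.231", "109.236.93.59", "94.156.79.162",
    "dolores@bpe.cash", "anticoco@bpe.cash",
    "fileditch.com", "artem.icu", "amail.wtf", "mint-c2.top",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?!-)[a-z0-9-]+(\.[a-z0-9-]+)+$")
# Characters that can appear inside an indicator; anything else splits tokens.
TOKEN_RE = re.compile(r"[A-Za-z0-9._@-]+")


def classify(ioc: str) -> str:
    """Return 'sha256', 'ipv4', 'email', 'domain' or 'unknown' for one value."""
    v = ioc.strip().lower()
    if SHA256_RE.match(v):
        return "sha256"
    try:
        ipaddress.IPv4Address(v)  # requires exactly four octets
        return "ipv4"
    except ValueError:
        pass
    if EMAIL_RE.match(v):
        return "email"
    if DOMAIN_RE.match(v):
        return "domain"
    return "unknown"


def build_index(iocs):
    """Group indicators by type into sets for O(1) lookups."""
    idx = defaultdict(set)
    for ioc in iocs:
        idx[classify(ioc)].add(ioc.strip().lower())
    return idx


def scan_line(line, idx):
    """Return [(type, matched_indicator)] for every indicator seen in one line."""
    hits = []
    for tok in TOKEN_RE.findall(line):
        t = tok.lower().rstrip(".")
        kind = classify(t)
        if kind != "unknown" and t in idx.get(kind, ()):
            hits.append((kind, t))
        elif kind == "domain":
            # A subdomain (api.mint-c2.top) should match the listed parent domain.
            parts = t.split(".")
            for n in range(1, len(parts)):
                parent = ".".join(parts[n:])
                if parent in idx.get("domain", ()):
                    hits.append(("domain", parent))
                    break
    return hits


def scan_logs(lines, idx):
    """Return [(line, hits)] for each line with at least one indicator match."""
    return [(line, scan_line(line, idx)) for line in lines if scan_line(line, idx)]


# Constructed sample log lines (hostnames, paths and fields are illustrative).
SAMPLE_LOGS = [
    "2024-08-16T12:00:01Z dns query host=ws-17 qname=api.mint-c2.top type=A",
    "2024-08-16T12:00:02Z fw allow src=10.0.0.5 dst=185.216.70.231 dport=443",
    "2024-08-16T12:00:03Z edr file_create path=C:\\Users\\x\\update.exe "
    "sha256=958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24",
    "2024-08-16T12:00:04Z smtp rcpt to=dolores@bpe.cash",
    "2024-08-16T12:00:05Z dns query host=ws-02 qname=example.org type=A",
]

if __name__ == "__main__":
    index = build_index(INDICATORS)
    for line, hits in scan_logs(SAMPLE_LOGS, index):
        print(hits, "<-", line)
```

The file hashes are the only indicators that identify a specific sample; the IP addresses belong to hosting infrastructure that the report ties to a bulletproof hoster, so a hit on one of them is a lead to investigate rather than proof of a Mint Stealer infection, and the domains and e-mail addresses should be treated the same way before being promoted to blocking rules.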

Attack Patterns

Additional Information

  • Finance
  • South Georgia and the South Sandwich Islands
  • Georgia
  • Palestine
  • Bulgaria
  • Netherlands
  • United States of America
  • Russian Federation