MINT STEALER: Run by a Bulletproof Hoster

Aug. 16, 2024, 2:21 p.m.

Description

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting service called Cash Hosting run by a threat actor known as 'Artem.' The analysis covers the offensive services offered by Artem, such as Cash RAT, Cash Ransomware, and Amail Hosting, as well as the malware's code analysis, attack vectors, and indicators of compromise (IOCs).

Date

Published: Aug. 16, 2024, 1:53 p.m.
Created: Aug. 16, 2024, 1:53 p.m.
Modified: Aug. 16, 2024, 2:21 p.m.

Indicators


Attack Patterns

Cash RAT

Cash Ransomware

Mint Stealer

Artem

T1519

T1599

T1045

T1578

T1088

T1197

T1110

T1213

T1555

T1573

T1486

T1518

T1105

T1083

T1071

T1543

T1053

T1056

T1133

T1059

Additional Information

Finance

South Georgia and the South Sandwich Islands

Georgia

Palestine

Bulgaria

Netherlands

United States of America

Russian Federation