MintsLoader: StealC and BOINC Delivery

Jan. 20, 2025, 11:47 a.m.

Description

The eSentire Threat Response Unit identified a campaign involving MintsLoader, a PowerShell-based malware loader, delivering payloads such as StealC and the BOINC client. MintsLoader uses a Domain Generation Algorithm (DGA) and anti-VM techniques to evade detection. The infection chain begins with a link in a spam email that downloads a JScript file, which then runs PowerShell commands to retrieve and execute the subsequent malware stages. StealC, an information stealer, is delivered as the final payload and targets sensitive data from browsers, applications, and cryptocurrency wallets. The campaign affected organizations in the US and Europe, primarily in the Electricity, Oil & Gas, and Legal Services industries.

Date

  • Created: Jan. 20, 2025, 11:09 a.m.
  • Published: Jan. 20, 2025, 11:09 a.m.
  • Modified: Jan. 20, 2025, 11:47 a.m.

Indicators

  • b8804a7ef09a9c1e8ede3a86a087b754b42f5b37c6de1e82c86f38d01c297ee2
  • 138d2a62b73e89fc4d09416bcefed27e139ae90016ba4493efc5fbf43b66acfa
  • 91e405e8a527023fb8696624e70498ae83660fe6757cef4871ce9bcc659264d3
  • 67.217.228.118
  • 145.223.100.233
  • 62.204.41.177
  • 45.61.136.138
  • https://t1jm05fdu6748emu5oon8nix1uk2ogyn.lovesnextmeeting.com/Uswl5JAnXI
  • http://mubuzb3vvv.top/1.php?s=527
  • http://62.204.41.177/edd20096ecef326d.php
  • t1jm05fdu6748emu5oon8nix1uk2ogyn.lovesnextmeeting.com
  • xaides.com
  • usbkits.com
  • tubnzy3uvz.top
  • shd9inbjz4.top
  • sdubvlbbuz3vzzz.top
  • rosettahome.top
  • poubnxu3jubz.top
  • poeiughybzu222.top
  • ohunhebzhbu3.top
  • nuvye89bjz4.top
  • nubxz4ubhxz9i.top
  • nlafhhiffkceadc.top
  • ngub8zb38ib.top
  • nfuvueibzi4.top
  • mubuzb3vvv.top
  • mnvuz3gvy3.top
  • mnudybh4unh.top
  • mbuz73hb7z3.top
  • lggknhaffleahbh.top
  • lgbibzuehbz.top
  • lalclenfjhkinbn.top
  • kmaealcfcalhcac.top
  • kcehmenjdibnmni.top
  • jhubzgv3.top
  • jgeeifjnhbledmg.top
  • immmjjkndeekmma.top
  • idhglmmnaimdhlj.top
  • iblaehgffmflamn.top
  • hkinuxb3bz.top
  • hjbamcnnkmfjbld.top
  • gkn33hxueub.top
  • hhgiflifcbmdjmh.top
  • ghecbjcmdfghfkg.top
  • gbkiafbmhbmbkkl.top
  • diebinjmajbkhhg.top
  • ckahaebgighbngc.top
  • ccibchdgfjbhhfk.top
  • bnbuzu49ibz4.top
  • blclmjamegjaffd.top
  • bidjdlegcnincee.top
  • anldfaggmdbglen.top
  • afglgehgjgjmgdh.top
  • adkfnnbmakcgael.top
  • midhkalfmddcece.top
  • mdinjlkfcajkjck.top
  • kdemjgebjimkanl.top
  • jjdgdeffjimfgne.top
  • jejmbadfmeenlnk.top
  • gajaechkfhfghal.top
  • feheecfmkmhfiij.top
  • fnnkcnemajnnaja.top
  • ekbnfghmhcaldid.top
  • dckhgjimeghemhl.top
  • cmacnnkfbhlcncm.top
  • canjjclmlnicbga.top
  • bfhdkgmmhdbikgj.top
  • afnfdijahijefmh.top

Attack Patterns

  • BOINC
  • MintsLoader
  • StealC
  • T1552.001
  • T1124
  • T1059.001
  • T1012
  • T1497
  • T1056.001
  • T1555
  • T1071.001
  • T1005
  • T1573
  • T1016
  • T1082
  • T1057
  • T1083
  • T1140
  • T1033
  • T1027
  • T1566

Additional Information

  • Energy
  • Legal
  • United States of America