The eSentire Threat Response Unit identified a campaign involving MintsLoader, a PowerShell-based malware loader, delivering payloads such as Stealc and the BOINC client. MintsLoader uses a Domain Generation Algorithm (DGA) and anti-VM techniques to evade detection. The infection chain begins with a link in a spam email that downloads a JScript file, which then executes PowerShell commands to retrieve and run the later malware stages. Stealc, an information stealer, is delivered as the final payload and targets sensitive data in browsers, applications, and crypto-wallets. The campaign affected organizations in the US and Europe, primarily in the Electricity, Oil & Gas, and Legal Services industries.

Author: AlienVault
Related Tags:
MintsLoader
information stealer
stealc
T1056.001
Legal
T1059.001
T1555
T1552.001
T1071.001
Associated Indicators:
B8804A7EF09A9C1E8EDE3A86A087B754B42F5B37C6DE1E82C86F38D01C297EE2
kcehmenjdibnmni.top
tubnzy3uvz.top
shd9inbjz4.top
rosettahome.top
anldfaggmdbglen.top
diebinjmajbkhhg.top
nfuvueibzi4.top
canjjclmlnicbga.top
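The following is an added detection example, not code from the pulse or from eSentire. It matches DNS-query and process-creation log lines against the indicators listed above (the domains and the SHA-256 hash are the pulse's own), flags the JScript-host-to-PowerShell parent/child relationship the summary describes, and applies a crude heuristic for DGA-like hostnames. The log format, the field names (`query`, `image`, `parent`, `sha256`), the sample log lines, and the DGA heuristic thresholds are all assumptions constructed for this example.

```python
"""Match log lines against the MintsLoader indicators from the pulse above.

Added example (not from the pulse). Log format and heuristics are assumptions.
"""
import re
from dataclasses import dataclass

# Indicators copied from the pulse (the page's own IoCs).
IOC_DOMAINS = {
    "kcehmenjdibnmni.top", "tubnzy3uvz.top", "shd9inbjz4.top", "rosettahome.top",
    "anldfaggmdbglen.top", "diebinjmajbkhhg.top", "nfuvueibzi4.top", "canjjclmlnicbga.top",
}
IOC_SHA256 = {"b8804a7ef09a9c1e8ede3a86a087b754b42f5b37c6de1e82c86f38d01c297ee2"}

# Script hosts that the summary says launch PowerShell in this chain (JScript runs under wscript/cscript).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed sample log lines (made up for this example, not from the page).
# The hash on line 5 is the pulse's file hash attached to a constructed event.
SAMPLE_LOGS = [
    "2024-01-05T10:01:02Z dns client=10.0.0.12 query=kcehmenjdibnmni.top type=A",
    "2024-01-05T10:01:05Z dns client=10.0.0.12 query=www.example.com type=A",
    "2024-01-05T10:01:07Z dns client=10.0.0.12 query=nfuvueibzi4.top type=A",
    "2024-01-05T10:01:09Z dns client=10.0.0.12 query=zqxjkvwplm.top type=A",
    "2024-01-05T10:01:20Z proc host=ws12 image=powershell.exe parent=wscript.exe "
    "sha256=B8804A7EF09A9C1E8EDE3A86A087B754B42F5B37C6DE1E82C86F38D01C297EE2",
    "2024-01-05T10:02:00Z proc host=ws12 image=notepad.exe parent=explorer.exe "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
]

KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class Hit:
    line_no: int
    reason: str
    value: str


def parse_kv(line: str) -> dict:
    """Parse 'key=value' tokens from a log line (assumed format)."""
    return dict(KV.findall(line))


def looks_dga(hostname: str) -> bool:
    """Crude DGA heuristic (an assumption, not from the page): flag the label left
    of the TLD when it is 8+ chars and either mixes letters with digits or has a
    run of 4+ non-vowel characters. Dictionary-word names like rosettahome pass."""
    parts = hostname.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    if len(label) < 8:
        return False
    if re.search(r"[a-z]", label) and re.search(r"\d", label):
        return True
    return re.search(r"[^aeiou]{4,}", label) is not None


def scan(lines) -> list:
    """Return one Hit per matching condition, in line order."""
    hits = []
    for n, line in enumerate(lines, 1):
        kv = parse_kv(line)
        query = kv.get("query", "").lower().rstrip(".")
        if query:
            if query in IOC_DOMAINS:
                hits.append(Hit(n, "ioc_domain", query))
            elif looks_dga(query):
                hits.append(Hit(n, "dga_like_domain", query))
        digest = kv.get("sha256", "").lower()
        if digest in IOC_SHA256:
            hits.append(Hit(n, "ioc_sha256", digest))
        # JScript host spawning PowerShell, matching the summary's infection chain.
        if kv.get("image", "").lower() == "powershell.exe" and kv.get("parent", "").lower() in SCRIPT_HOSTS:
            hits.append(Hit(n, "script_host_spawned_powershell", kv["parent"].lower()))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.reason} ({hit.value})")
```

Exact IoC matching is the reliable signal; the DGA heuristic only surfaces candidates for triage, and the parent/child check catches the PowerShell stage regardless of which generated domain the loader resolves on a given day. Feed real logs through `scan()` after adapting `parse_kv` to your own field names.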