← Back to Pulse Feed
PULSE DETAIL
The eSentire Threat Response Unit identified a campaign involving MintsLoader, a PowerShell-based malware loader, delivering payloads like Stealc and BOINC client. MintsLoader uses a Domain Generation Algorithm and anti-VM techniques to evade detection. The infection process begins with a spam email link downloading a JScript file, which then executes PowerShell commands to retrieve and execute the malware stages. StealC, an information stealer, is delivered as the final payload, targeting sensitive data from browsers, applications, and crypto-wallets. The campaign affected organizations in the US and Europe, primarily in the Electricity, Oil & Gas, and Legal Services industries.
MITRE ATT&CK & Malware Families
Indicators of Compromise (67)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-SHA256 | 138d2a62b73e89fc4d09416bcefed27e139ae90016ba4493efc5fbf43b66acfa | — | 2025-01-20 | |
| domain | afnfdijahijefmh.top | — | 2025-01-20 | |
| domain | bfhdkgmmhdbikgj.top | — | 2025-01-20 | |
| domain | canjjclmlnicbga.top | — | 2025-01-20 | |
| domain | cmacnnkfbhlcncm.top | — | 2025-01-20 | |
| domain | dckhgjimeghemhl.top | — | 2025-01-20 | |
| domain | ekbnfghmhcaldid.top | — | 2025-01-20 | |
| domain | feheecfmkmhfiij.top | — | 2025-01-20 | |
| domain | fnnkcnemajnnaja.top | — | 2025-01-20 | |
| domain | gajaechkfhfghal.top | — | 2025-01-20 | |
| domain | jejmbadfmeenlnk.top | — | 2025-01-20 | |
| domain | jjdgdeffjimfgne.top | — | 2025-01-20 | |
| domain | kdemjgebjimkanl.top | — | 2025-01-20 | |
| domain | mdinjlkfcajkjck.top | — | 2025-01-20 | |
| domain | midhkalfmddcece.top | — | 2025-01-20 | |
| FileHash-MD5 | 760f00e30887017cdea9809fd1c38e52 | MD5 of 91e405e8a527023fb8696624e70498ae83660fe6757cef4871ce9bcc659264d3 | 2025-01-20 | |
| FileHash-SHA1 | b09271e96ff73b86bd54489fbae1c224369a8bc8 | SHA1 of 91e405e8a527023fb8696624e70498ae83660fe6757cef4871ce9bcc659264d3 | 2025-01-20 | |
| FileHash-SHA256 | 138d2a62b73e89fc4d09416bcefed27e139ae90016ba4493efc5fbf43b66acfa | — | 2025-01-20 | |
| FileHash-SHA256 | 91e405e8a527023fb8696624e70498ae83660fe6757cef4871ce9bcc659264d3 | — | 2025-01-20 | |
| FileHash-SHA256 | b8804a7ef09a9c1e8ede3a86a087b754b42f5b37c6de1e82c86f38d01c297ee2 | — | 2025-01-20 | |
| URL | http://62.204.41.177/edd20096ecef326d.php | — | 2025-01-20 | |
| URL | http://mubuzb3vvv.top/1.php?s=527 | — | 2025-01-20 | |
| URL | https://t1jm05fdu6748emu5oon8nix1uk2ogyn.lovesnextmeeting.com/Uswl5JAnXI | — | 2025-01-20 | |
| domain | adkfnnbmakcgael.top | — | 2025-01-20 | |
| domain | afglgehgjgjmgdh.top | — | 2025-01-20 | |
| domain | anldfaggmdbglen.top | — | 2025-01-20 | |
| domain | bidjdlegcnincee.top | — | 2025-01-20 | |
| domain | blclmjamegjaffd.top | — | 2025-01-20 | |
| domain | bnbuzu49ibz4.top | — | 2025-01-20 | |
| domain | ccibchdgfjbhhfk.top | — | 2025-01-20 | |
| domain | ckahaebgighbngc.top | — | 2025-01-20 | |
| domain | diebinjmajbkhhg.top | — | 2025-01-20 | |
| domain | gbkiafbmhbmbkkl.top | — | 2025-01-20 | |
| domain | ghecbjcmdfghfkg.top | — | 2025-01-20 | |
| domain | gkn33hxueub.top | — | 2025-01-20 | |
| domain | hhgiflifcbmdjmh.top | — | 2025-01-20 | |
| domain | hjbamcnnkmfjbld.top | — | 2025-01-20 | |
| domain | hkinuxb3bz.top | — | 2025-01-20 | |
| domain | iblaehgffmflamn.top | — | 2025-01-20 | |
| domain | idhglmmnaimdhlj.top | — | 2025-01-20 | |
| domain | immmjjkndeekmma.top | — | 2025-01-20 | |
| domain | jgeeifjnhbledmg.top | — | 2025-01-20 | |
| domain | jhubzgv3.top | — | 2025-01-20 | |
| domain | kcehmenjdibnmni.top | — | 2025-01-20 | |
| domain | kmaealcfcalhcac.top | — | 2025-01-20 | |
| domain | lalclenfjhkinbn.top | — | 2025-01-20 | |
| domain | lgbibzuehbz.top | — | 2025-01-20 | |
| domain | lggknhaffleahbh.top | — | 2025-01-20 | |
| domain | mbuz73hb7z3.top | — | 2025-01-20 | |
| domain | mnudybh4unh.top | — | 2025-01-20 | |
| domain | mnvuz3gvy3.top | — | 2025-01-20 | |
| domain | mubuzb3vvv.top | — | 2025-01-20 | |
| domain | nfuvueibzi4.top | — | 2025-01-20 | |
| domain | ngub8zb38ib.top | — | 2025-01-20 | |
| domain | nlafhhiffkceadc.top | — | 2025-01-20 | |
| domain | nubxz4ubhxz9i.top | — | 2025-01-20 | |
| domain | nuvye89bjz4.top | — | 2025-01-20 | |
| domain | ohunhebzhbu3.top | — | 2025-01-20 | |
| domain | poeiughybzu222.top | — | 2025-01-20 | |
| domain | poubnxu3jubz.top | — | 2025-01-20 | |
| domain | rosettahome.top | — | 2025-01-20 | |
| domain | sdubvlbbuz3vzzz.top | — | 2025-01-20 | |
| domain | shd9inbjz4.top | — | 2025-01-20 | |
| domain | tubnzy3uvz.top | — | 2025-01-20 | |
| domain | usbkits.com | — | 2025-01-20 | |
| domain | xaides.com | — | 2025-01-20 | |
| hostname | t1jm05fdu6748emu5oon8nix1uk2ogyn.lovesnextmeeting.com | — | 2025-01-20 |