PULSE NAME
MintsLoader Malware Analysis: Multi-Stage Loader Used in Cyber Attacks
WHITE TAG-124 AlienVault 2025-04-29 Modified: 2025-05-29
556 IOCs (HIGH VOLUME)
MintsLoader, a malicious loader first observed in 2024, is employed in phishing and drive-by download campaigns to deploy payloads like GhostWeaver, StealC, and modified BOINC clients. It uses obfuscated JavaScript and PowerShell scripts in a multi-stage infection chain, featuring sandbox evasion techniques, a domain generation algorithm, and HTTP-based C2 communications. Various threat groups, including TAG-124 and SocGholish operators, utilize MintsLoader to target industrial, legal, and energy sectors. The loader's sophisticated obfuscation and evasion methods complicate detection, but Recorded Future's Malware Intelligence Hunting provides up-to-date information on new samples and C2 domains.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
MintsLoader GhostWeaver StealC AsyncRAT
Indicators of Compromise (63 / 556 total)