Pulse Detail — Threat Intelligence

PULSE NAME

IOC - LofyStealer: Malware targeting Minecraft players.

WHITE celestre 2026-04-30 Modified: 2026-05-30

IOCs

LOW VOLUME

During threat hunting activities conducted on the ANY.RUN platform, the artifact was identified in public submissions of the interactive sandbox. The analysis of samples available in the public repository allowed correlating hashes and network behaviors with the already mapped C2 infrastructure (24.152.36.241), confirming that the GrabBot/Slinky campaign is active and being distributed in a real environment. The sandbox results complement the static analysis presented in this report, providing dynamic execution evidence.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1140

Indicators of Compromise (6)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	d21a5d08b4614005c8fcd9d0068f0190	MD5 of 9b1264eb4ff5ee8f00b8b80341fb6917dc3d3148	2026-04-30
FileHash-MD5	fb203c0ac030a97281960d7c28d86ebf	MD5 of f9fe23f24d45eae418c60819c523a83ddba4ca50	2026-04-30
FileHash-SHA1	9b1264eb4ff5ee8f00b8b80341fb6917dc3d3148	—	2026-04-30
FileHash-SHA1	f9fe23f24d45eae418c60819c523a83ddba4ca50	—	2026-04-30
FileHash-SHA256	293006cec43c663ccff331795d662c3b73b4d7af5f8584e2899e286c672c9881	SHA256 of 9b1264eb4ff5ee8f00b8b80341fb6917dc3d3148	2026-04-30
FileHash-SHA256	45d4040e76a0d357dd6e236e185aba2eb82420d78640bfd1f3dede32b33931f7	SHA256 of f9fe23f24d45eae418c60819c523a83ddba4ca50	2026-04-30

References (1)

↗ https://zenox.ai/en/lofystealer-malware-mirando-jogadores-de-minecraft/