MintsLoader Malware Analysis: Multi-Stage Loader Used in Cyber Attacks

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

MintsLoader, a malicious loader first observed in 2024, is delivered through phishing and drive-by download campaigns and is used to deploy payloads such as GhostWeaver, StealC, and modified BOINC clients. Its multi-stage infection chain consists of obfuscated JavaScript and PowerShell scripts and includes sandbox evasion checks, a domain generation algorithm for locating its infrastructure, and HTTP-based command-and-control communications. Several threat groups, including TAG-124 and the operators of SocGholish, use MintsLoader to target the industrial, legal, and energy sectors. The loader's obfuscation and evasion techniques complicate detection; Recorded Future's Malware Intelligence Hunting tracks new samples and C2 domains as they appear.

OPENCTI LABELS :

phishing,stealc,socgholish,asyncrat,drive-by download,boinc,mintsloader,tag-124,ghostweaver,multi-stage loader

