Domino Loader

Malware updated 7 months ago (2024-05-05T03:17:53.460Z)
Domino Loader is a sophisticated loader with significant code similarities to the Domino Backdoor. It reaches systems through suspicious downloads, emails, or websites, often without the user noticing. Once running, it collects basic system information, sends it to a command-and-control server, and receives an encrypted payload in return. That payload is decrypted with AES-256-CBC using a hardcoded key. A distinctive feature is an export named ReflectiveLoader, which contains code taken from the ReflectiveDLLInjection project; it allows a DLL payload to be loaded directly from memory into a host process. In many instances the received payload was itself a second loader whose code overlaps with the Domino Backdoor, and the file placed on the target PC was similar enough to the original Domino Backdoor to earn the name Domino Loader. On activation, Domino Loader first loads an encrypted payload from its own resources and decrypts it for use. The attack chain ends with the installation of either Cobalt Strike or the Project Nemesis infostealer on the compromised system. The final payload loaded by Domino Loader was a .NET assembly with MD5 hash D9FFB202D6B679E5AD7303C0334CD000, identified as the 'Project Nemesis' infostealer. A Domino Loader infection is therefore serious: the malware can disrupt operations, steal personal information, or hold data hostage for ransom.
Description last updated: 2024-05-05T03:00:59.608Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias (votes) and description:

Domino (3 votes). Domino is a possible alias for Domino Loader. Domino is a malicious software that infiltrated various systems, most notably IBM Domino Server and ESET Mail Security for IBM Domino, causing significant disruptions and data breaches. The malware was particularly potent due to its ability to exploit vulnerabilities in one system and trigger a domi

Domino Backdoor (2 votes). Domino Backdoor is a possible alias for Domino Loader. The Domino Backdoor is a type of malware that has been linked to multiple threat groups, highlighting the complexity of tracking these actors and their operations. This malicious software, designed to exploit and damage computers or devices, can steal personal information, disrupt operations, or hol

Project Nemesis (2 votes). Project Nemesis is a possible alias for Domino Loader. Project Nemesis is a malicious software, or malware, that was first advertised on the dark web in December 2021. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites. Once inside, Project Nemesis can steal personal information,
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Payload
Infostealer