Domino Loader

Malware updated 4 months ago (2024-05-05T03:17:53.460Z)
Domino Loader is a loader with significant code similarities to the Domino Backdoor. It reaches systems through suspicious downloads, emails, or websites, usually without the user noticing. Once running, it collects basic system information and sends it to a command-and-control server, which answers with an encrypted payload; the loader decrypts this payload with AES-256-CBC using a hardcoded key. Its distinguishing feature is an export named ReflectiveLoader, containing code taken from the ReflectiveDLLInjection project, which lets a DLL payload be loaded directly from memory into a host process. In many cases the received payload was itself a second loader whose code overlaps with the Domino Backdoor, which is how Domino Loader got its name. Upon activation, Domino Loader begins by loading an encrypted payload from its resources and decrypting it for use. The chain ends with Domino Loader installing either Cobalt Strike or the Project Nemesis infostealer on the compromised system. The final payload loaded by Domino Loader is a .NET assembly with MD5 hash D9FFB202D6B679E5AD7303C0334CD000, identified as the 'Project Nemesis' infostealer. An infection can therefore disrupt operations, steal personal information, or hold data hostage for ransom.
Description last updated: 2024-05-05T03:00:59.608Z
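The ReflectiveLoader export named in the description is a simple static indicator a defender can check for when triaging DLLs. The following is an added example, not code from this page or from the reports it cites: a pure-Python parser that walks a PE file's export directory and flags any export whose name contains "ReflectiveLoader" (the ReflectiveDLLInjection project exports that name, sometimes with compiler decoration around it). The build_test_pe helper is a constructed, minimal PE32+ image used only so the check runs offline; it is not a Domino sample and contains no payload.

```python
"""Flag PE files that export a ReflectiveLoader entry point (added example)."""
import struct

REFLECTIVE_EXPORT = "ReflectiveLoader"


def _read_cstring(data, offset):
    """Read a NUL-terminated ASCII string at a file offset."""
    end = data.index(b"\x00", offset)
    return data[offset:end].decode("ascii", errors="replace")


def _sections(data, e_lfanew):
    """Return (VirtualAddress, size, PointerToRawData) for every section header."""
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    base = e_lfanew + 24 + opt_size            # section table follows the optional header
    out = []
    for i in range(nsections):
        off = base + i * 40                    # IMAGE_SECTION_HEADER is 40 bytes
        vsize, vaddr, rsize, raw = struct.unpack_from("<IIII", data, off + 8)
        out.append((vaddr, max(vsize, rsize), raw))
    return out


def _rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for vaddr, size, raw in sections:
        if vaddr <= rva < vaddr + size:
            return raw + (rva - vaddr)
    raise ValueError("RVA 0x%x not in any section" % rva)


def list_exports(data):
    """Return the exported function names of a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = opt + (112 if magic == 0x20B else 96)   # data directories (PE32+ / PE32)
    export_rva, _export_size = struct.unpack_from("<II", data, dd_off)
    if export_rva == 0:
        return []
    sections = _sections(data, e_lfanew)
    exp = _rva_to_offset(sections, export_rva)
    # IMAGE_EXPORT_DIRECTORY: NumberOfNames @24, AddressOfFunctions @28, AddressOfNames @32
    n_names, _funcs_rva, names_rva = struct.unpack_from("<III", data, exp + 24)
    if n_names == 0:
        return []
    names_off = _rva_to_offset(sections, names_rva)
    names = []
    for i in range(n_names):
        name_rva = struct.unpack_from("<I", data, names_off + 4 * i)[0]
        names.append(_read_cstring(data, _rva_to_offset(sections, name_rva)))
    return names


def has_reflective_loader_export(data):
    """True if any export name contains ReflectiveLoader (decorated or not)."""
    return any(REFLECTIVE_EXPORT in name for name in list_exports(data))


def build_test_pe(export_names):
    """Constructed minimal PE32+ with a single .edata section (test fixture, not a real sample)."""
    sec_rva, sec_raw = 0x1000, 0x400
    n = len(export_names)
    funcs_rva = sec_rva + 40
    names_rva = funcs_rva + 4 * n
    ords_rva = names_rva + 4 * n
    str_rva = ords_rva + 2 * n
    strings, name_rvas = b"", []
    for name in export_names:
        name_rvas.append(str_rva + len(strings))
        strings += name.encode() + b"\x00"
    exp = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, n, n, funcs_rva, names_rva, ords_rva)
    body = (exp + struct.pack("<%dI" % n, *([0] * n)) + struct.pack("<%dI" % n, *name_rvas)
            + struct.pack("<%dH" % n, *range(n)) + strings)
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)                                           # PE32+ optional header
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)                           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112, sec_rva, len(body))          # export directory entry
    sec = b".edata".ljust(8, b"\x00") + struct.pack("<IIII", len(body), sec_rva, len(body), sec_raw) + b"\x00" * 16
    return (dos + coff + bytes(opt) + sec).ljust(sec_raw, b"\x00") + body


if __name__ == "__main__":
    sample = build_test_pe(["DllMain", "ReflectiveLoader"])
    print(list_exports(sample), has_reflective_loader_export(sample))
```

On a real file, pass the result of open(path, "rb").read() to has_reflective_loader_export. Legitimate software almost never exports this name, so a hit is worth triage; given the description's note that the loader keeps an encrypted payload in its resources, pairing this check with a look at unusually large or high-entropy resource entries sharpens it further.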
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Domino (3 votes): The Domino malware, a harmful program designed to exploit and damage computer systems, has been identified as the culprit behind a series of high-profile cyber attacks. The first notable incident occurred when a hacker claimed to have accessed Domino's India's massive 13 TB database on the Dark Web,
Domino Backdoor (2 votes): The Domino Backdoor is a type of malware that has been linked to multiple threat groups, highlighting the complexity of tracking these actors and their operations. This malicious software, designed to exploit and damage computers or devices, can steal personal information, disrupt operations, or hol
Project Nemesis (2 votes): Project Nemesis is a malicious software, or malware, that was first advertised on the dark web in December 2021. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites. Once inside, Project Nemesis can steal personal information,
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Payload
Infostealer
Source Document References
Information about the Domino Loader malware was read from the documents below.
Source (created): Title
DARKReading (a year ago): FIN7, Former Conti Gang Members Collaborate on 'Domino' Malware
Malwarebytes (a year ago): Malware authors join forces and target organisations with Domino Backdoor
SecurityIntelligence.com (a year ago): Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor