Game Over: WeedHack – The Rise of Minecraft Malware-as-a-Service Campaigns

    Date: 06/05/2026

    Severity: High

    Summary

    WeedHack is a large-scale Malware-as-a-Service (MaaS) operation that targets Minecraft players through trojanized mods, clients, and cheats distributed via SEO poisoning, YouTube videos, and malicious websites. The campaign delivers a combination of RATs, credential stealers, keyloggers, and cryptocurrency wallet-targeting malware, enabling attackers to steal sensitive information and gain remote access to victim systems. Using Ethereum-based C2 resolution and a subscription-based service model, WeedHack provides capabilities such as webcam monitoring, screen control, file management, and remote command execution, making it a powerful platform for cybercrime and victim surveillance. 

     Indicators of Compromise (IOC) List

    Domains/URLs


    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 :

    domainname like "https://www.skytils.net/skytils-1.21.11.jar" or url like "https://www.skytils.net/skytils-1.21.11.jar" or siteurl like "https://www.skytils.net/skytils-1.21.11.jar" or
    domainname like "https://www.notenoughupdates.net/downloads/NotEnoughUpdates-1.21.5.jar" or url like "https://www.notenoughupdates.net/downloads/NotEnoughUpdates-1.21.5.jar" or siteurl like "https://www.notenoughupdates.net/downloads/NotEnoughUpdates-1.21.5.jar" or
    domainname like "https://pixeldrain.com/api/file/o4jKp4Tx?download" or url like "https://pixeldrain.com/api/file/o4jKp4Tx?download" or siteurl like "https://pixeldrain.com/api/file/o4jKp4Tx?download" or
    domainname like "https://weedhack.to/dashboard/auth/login" or url like "https://weedhack.to/dashboard/auth/login" or siteurl like "https://weedhack.to/dashboard/auth/login" or
    domainname like "https://aetherminecraft.lovable.app/game-mods" or url like "https://aetherminecraft.lovable.app/game-mods" or siteurl like "https://aetherminecraft.lovable.app/game-mods" or
    domainname like "http://pentagon.cy/" or url like "http://pentagon.cy/" or siteurl like "http://pentagon.cy/" or
    domainname like "https://gitlab.com/shlostval52/meteorclient-1.21.11/-/raw/main/AutoHarpTSM-1.21.11.jar?inline=false" or url like "https://gitlab.com/shlostval52/meteorclient-1.21.11/-/raw/main/AutoHarpTSM-1.21.11.jar?inline=false" or siteurl like "https://gitlab.com/shlostval52/meteorclient-1.21.11/-/raw/main/AutoHarpTSM-1.21.11.jar?inline=false" or
    domainname like "https://cdn.discordapp.com/atTachments/1480069398847819806/1484225086423699607/ThunderHack_NextGen-0.3.jar?ex=69ed9294&is=69ec4114&hm=cc730a4d8bf87f790362f6a4Cd95190f1289ebc43a5fac9cb2d41d0b435625fb&" or url like "https://cdn.discordapp.com/atTachments/1480069398847819806/1484225086423699607/ThunderHack_NextGen-0.3.jar?ex=69ed9294&is=69ec4114&hm=cc730a4d8bf87f790362f6a4Cd95190f1289ebc43a5fac9cb2d41d0b435625fb&" or siteurl like "https://cdn.discordapp.com/atTachments/1480069398847819806/1484225086423699607/ThunderHack_NextGen-0.3.jar?ex=69ed9294&is=69ec4114&hm=cc730a4d8bf87f790362f6a4Cd95190f1289ebc43a5fac9cb2d41d0b435625fb&" or
    domainname like "https://t.me/MetaMaskenMann" or url like "https://t.me/MetaMaskenMann" or siteurl like "https://t.me/MetaMaskenMann" or
    domainname like "https://odinclient.com/Odin-1.21.10-latest.jar" or url like "https://odinclient.com/Odin-1.21.10-latest.jar" or siteurl like "https://odinclient.com/Odin-1.21.10-latest.jar" or
    domainname like "http://friendlydomain.ru/" or url like "http://friendlydomain.ru/" or siteurl like "http://friendlydomain.ru/" or
    domainname like "http://weedhack.xyz" or url like "http://weedhack.xyz" or siteurl like "http://weedhack.xyz" or
    domainname like "https://farmhelper-Macro.com/downloads/FarmHelper-1.21.jar" or url like "https://farmhelper-Macro.com/downloads/FarmHelper-1.21.jar" or siteurl like "https://farmhelper-Macro.com/downloads/FarmHelper-1.21.jar" or
    domainname like "https://skyhanni.net/downloads/1-21-5/SkyHanni-6.0.0-mc1.21.5.jar" or url like "https://skyhanni.net/downloads/1-21-5/SkyHanni-6.0.0-mc1.21.5.jar" or siteurl like "https://skyhanni.net/downloads/1-21-5/SkyHanni-6.0.0-mc1.21.5.jar"

    Detection Query 2 :

    domainname like "https://whpayment.ru" or url like "https://whpayment.ru" or siteurl like "https://whpayment.ru" or
    domainname like "https://1312stealer.ru/" or url like "https://1312stealer.ru/" or siteurl like "https://1312stealer.ru/" or
    domainname like "https://kryptonclient.gg/downloads/KryptonClient.jar" or url like "https://kryptonclient.gg/downloads/KryptonClient.jar" or siteurl like "https://kryptonclient.gg/downloads/KryptonClient.jar" or
    domainname like "https://nova-client.com/Nova-Client-1.21.11-latest.jar" or url like "https://nova-client.com/Nova-Client-1.21.11-latest.jar" or siteurl like "https://nova-client.com/Nova-Client-1.21.11-latest.jar" or
    domainname like "http://stealer.to/" or url like "http://stealer.to/" or siteurl like "http://stealer.to/" or
    domainname like "http://limbo100x.ru/" or url like "http://limbo100x.ru/" or siteurl like "http://limbo100x.ru/" or
    domainname like "https://xenonclient.com/downloads/XenonClient-1.21.jar" or url like "https://xenonclient.com/downloads/XenonClient-1.21.jar" or siteurl like "https://xenonclient.com/downloads/XenonClient-1.21.jar" or
    domainname like "https://static.planetminecraft.com/files/resource_media/mod/no-delay-optimizer1-21-4.jar" or url like "https://static.planetminecraft.com/files/resource_media/mod/no-delay-optimizer1-21-4.jar" or siteurl like "https://static.planetminecraft.com/files/resource_media/mod/no-delay-optimizer1-21-4.jar" or
    domainname like "https://whtempdomain.com" or url like "https://whtempdomain.com" or siteurl like "https://whtempdomain.com" or
    domainname like "http://dieserbenni.ru/" or url like "http://dieserbenni.ru/" or siteurl like "http://dieserbenni.ru/" or
    domainname like "https://simplevoicechatmod.com/downloads/voicechat-fabric-1.21.11-2.6.11.jar" or url like "https://simplevoicechatmod.com/downloads/voicechat-fabric-1.21.11-2.6.11.jar" or siteurl like "https://simplevoicechatmod.com/downloads/voicechat-fabric-1.21.11-2.6.11.jar" or
    domainname like "https://newlumm.fun/" or url like "https://newlumm.fun/" or siteurl like "https://newlumm.fun/" or
    domainname like "https://night-client-Hub.lovable.app/downloads/dupeclient1.21.11-1.21.11.jar" or url like "https://night-client-Hub.lovable.app/downloads/dupeclient1.21.11-1.21.11.jar" or siteurl like "https://night-client-Hub.lovable.app/downloads/dupeclient1.21.11-1.21.11.jar" or
    domainname like "https://whtempdomain.com/" or url like "https://whtempdomain.com/" or siteurl like "https://whtempdomain.com/" or
    domainname like "https://whreceiverrrrrrrrr.ru/dashboard/overview" or url like "https://whreceiverrrrrrrrr.ru/dashboard/overview" or siteurl like "https://whreceiverrrrrrrrr.ru/dashboard/overview" or
    domainname like "http://92.119.164.235/" or url like "http://92.119.164.235/" or siteurl like "http://92.119.164.235/" or
    domainname like "http://1312services.ru/" or url like "http://1312services.ru/" or siteurl like "http://1312services.ru/" or
    domainname like "https://t.me/+pw_g24ajDcQwMmYy" or url like "https://t.me/+pw_g24ajDcQwMmYy" or siteurl like "https://t.me/+pw_g24ajDcQwMmYy" or
    domainname like "https://marsalek.cy/" or url like "https://marsalek.cy/" or siteurl like "https://marsalek.cy/" or
    domainname like "https://donutdupe.xyz/DonutDupe-1.21.1.jar" or url like "https://donutdupe.xyz/DonutDupe-1.21.1.jar" or siteurl like "https://donutdupe.xyz/DonutDupe-1.21.1.jar" or
    domainname like "https://download2282.mediafire.com/ulew3ffsg8igzrwikDrX1CBNddz9Q-Q_njGGhftuIFu1GN5SiqIKOScEjVWNvkoXe9_qFO1VJ-UgvABYdfLpSWHiAtkMYs2sQ1MOuvg4taPYHfRrfMlNr2p0OauPRi-SRi-FCBOou37THLnL5ZGDG6ylmTq_kphdyf2bdUdTGxs/kzltscks354a1at/KryptonClient%2B1.21.11.jar" or url like "https://download2282.mediafire.com/ulew3ffsg8igzrwikDrX1CBNddz9Q-Q_njGGhftuIFu1GN5SiqIKOScEjVWNvkoXe9_qFO1VJ-UgvABYdfLpSWHiAtkMYs2sQ1MOuvg4taPYHfRrfMlNr2p0OauPRi-SRi-FCBOou37THLnL5ZGDG6ylmTq_kphdyf2bdUdTGxs/kzltscks354a1at/KryptonClient%2B1.21.11.jar" or siteurl like "https://download2282.mediafire.com/ulew3ffsg8igzrwikDrX1CBNddz9Q-Q_njGGhftuIFu1GN5SiqIKOScEjVWNvkoXe9_qFO1VJ-UgvABYdfLpSWHiAtkMYs2sQ1MOuvg4taPYHfRrfMlNr2p0OauPRi-SRi-FCBOou37THLnL5ZGDG6ylmTq_kphdyf2bdUdTGxs/kzltscks354a1at/KryptonClient%2B1.21.11.jar" or
    domainname like "http://whrc.ru/" or url like "http://whrc.ru/" or siteurl like "http://whrc.ru/" or
    domainname like "https://static.planetminecraft.com/files/resource_media/mod/mousetweaks-fabric-mc1-21-9-2-29.jar" or url like "https://static.planetminecraft.com/files/resource_media/mod/mousetweaks-fabric-mc1-21-9-2-29.jar" or siteurl like "https://static.planetminecraft.com/files/resource_media/mod/mousetweaks-fabric-mc1-21-9-2-29.jar"

    Detection Query 3 :

    domainname like "http://whack.cy/" or siteurl like "http://whack.cy/" or url like "http://whack.cy/" or
    domainname like "https://whnewreceive.ru/" or siteurl like "https://whnewreceive.ru/" or url like "https://whnewreceive.ru/" or
    domainname like "https://acabstealer.ru/" or siteurl like "https://acabstealer.ru/" or url like "https://acabstealer.ru/" or
    domainname like "http://stealer.cy/" or siteurl like "http://stealer.cy/" or url like "http://stealer.cy/" or
    domainname like "http://chromium-Client.github.io/main/Chromium Client-.jar" or siteurl like "http://chromium-Client.github.io/main/Chromium Client-.jar" or url like "http://chromium-Client.github.io/main/Chromium Client-.jar" or
    domainname like "https://download2281.mediafire.com/jauvm3juydxggiNLRPkzg-hBEQ9fc9IzMzMCAY_BRiGVMg_VrsDLTQVIJfsq8QfJn7hqLZFDgYigs27kOYaViC05jdawf-9rxEKKpi_lg-7FzEG1xfEph2q17W0C7reY0P-zGfI-HSAknLDhz4WJblw2GCHrXyaO2eDXMI_S2QSh-Ik/1iskin1nr2av9jx/JennyMod_Fabric_1.21-1.0.0+%281%29.jar" or siteurl like "https://download2281.mediafire.com/jauvm3juydxggiNLRPkzg-hBEQ9fc9IzMzMCAY_BRiGVMg_VrsDLTQVIJfsq8QfJn7hqLZFDgYigs27kOYaViC05jdawf-9rxEKKpi_lg-7FzEG1xfEph2q17W0C7reY0P-zGfI-HSAknLDhz4WJblw2GCHrXyaO2eDXMI_S2QSh-Ik/1iskin1nr2av9jx/JennyMod_Fabric_1.21-1.0.0+%281%29.jar" or url like "https://download2281.mediafire.com/jauvm3juydxggiNLRPkzg-hBEQ9fc9IzMzMCAY_BRiGVMg_VrsDLTQVIJfsq8QfJn7hqLZFDgYigs27kOYaViC05jdawf-9rxEKKpi_lg-7FzEG1xfEph2q17W0C7reY0P-zGfI-HSAknLDhz4WJblw2GCHrXyaO2eDXMI_S2QSh-Ik/1iskin1nr2av9jx/JennyMod_Fabric_1.21-1.0.0+%281%29.jar" or
    domainname like "https://limewire.com/decrypt/Download?downloadId=96751c7f-be08-4261-b9ee-78541782f59b" or siteurl like "https://limewire.com/decrypt/Download?downloadId=96751c7f-be08-4261-b9ee-78541782f59b" or url like "https://limewire.com/decrypt/Download?downloadId=96751c7f-be08-4261-b9ee-78541782f59b" or
    domainname like "https://cdn.discordapp.com/atTachments/1471155297258049578/1471159638572666940/SPOILER_Casino_Rigger.jar?ex=698debae&is=698c9a2e&hm=71bc572ecaf1a384fb13de478b64799cc9aa2fdc649ff3339d67f7d8ce3f5313&" or siteurl like "https://cdn.discordapp.com/atTachments/1471155297258049578/1471159638572666940/SPOILER_Casino_Rigger.jar?ex=698debae&is=698c9a2e&hm=71bc572ecaf1a384fb13de478b64799cc9aa2fdc649ff3339d67f7d8ce3f5313&" or url like "https://cdn.discordapp.com/atTachments/1471155297258049578/1471159638572666940/SPOILER_Casino_Rigger.jar?ex=698debae&is=698c9a2e&hm=71bc572ecaf1a384fb13de478b64799cc9aa2fdc649ff3339d67f7d8ce3f5313&" or
    domainname like "https://cdn.discordapp.com/atTachments/1471566328522473643/1472074919356530688/NEW_5050BJPAPER_1_1.jar?ex=6991e8da&is=6990975a&hm=d0e9b86426403d3b186f1314705e0e7f34670881be8bc87d731bb072ccfb55b4&" or siteurl like "https://cdn.discordapp.com/atTachments/1471566328522473643/1472074919356530688/NEW_5050BJPAPER_1_1.jar?ex=6991e8da&is=6990975a&hm=d0e9b86426403d3b186f1314705e0e7f34670881be8bc87d731bb072ccfb55b4&" or url like "https://cdn.discordapp.com/atTachments/1471566328522473643/1472074919356530688/NEW_5050BJPAPER_1_1.jar?ex=6991e8da&is=6990975a&hm=d0e9b86426403d3b186f1314705e0e7f34670881be8bc87d731bb072ccfb55b4&" or
    domainname like "https://cdn.discordapp.com/atTachments/1470522425405079585/1470522505604239646/Xenon_Crack_by_Cipher_Service.jar?ex=698c430e&is=698af18e&hm=49f840ac3b7b32aa57865dd285412264b07b6ec0cdafdd731d3e54a7923dd0fb&" or siteurl like "https://cdn.discordapp.com/atTachments/1470522425405079585/1470522505604239646/Xenon_Crack_by_Cipher_Service.jar?ex=698c430e&is=698af18e&hm=49f840ac3b7b32aa57865dd285412264b07b6ec0cdafdd731d3e54a7923dd0fb&" or url like "https://cdn.discordapp.com/atTachments/1470522425405079585/1470522505604239646/Xenon_Crack_by_Cipher_Service.jar?ex=698c430e&is=698af18e&hm=49f840ac3b7b32aa57865dd285412264b07b6ec0cdafdd731d3e54a7923dd0fb&" or
    domainname like "https://cdn.discordapp.com/atTachments/1470560423743983678/1470890304788889620/NEW_5050BJPAPER_1.jar?ex=698cf0d8&is=698b9f58&hm=4b852782cbef5bdc216964f4254c94c9288fcb650f5363bb6dcb436a3335d025&" or siteurl like "https://cdn.discordapp.com/atTachments/1470560423743983678/1470890304788889620/NEW_5050BJPAPER_1.jar?ex=698cf0d8&is=698b9f58&hm=4b852782cbef5bdc216964f4254c94c9288fcb650f5363bb6dcb436a3335d025&" or url like "https://cdn.discordapp.com/atTachments/1470560423743983678/1470890304788889620/NEW_5050BJPAPER_1.jar?ex=698cf0d8&is=698b9f58&hm=4b852782cbef5bdc216964f4254c94c9288fcb650f5363bb6dcb436a3335d025&" or
    domainname like "https://www.youtube.com/@TheRix-u2t" or siteurl like "https://www.youtube.com/@TheRix-u2t" or url like "https://www.youtube.com/@TheRix-u2t" or
    domainname like "https://www.youtube.com/@HopzyPacks" or siteurl like "https://www.youtube.com/@HopzyPacks" or url like "https://www.youtube.com/@HopzyPacks"

    Detection Query 4 :

    sha256hash IN (
        "B9f71ed4b08c93a7fc5468bee23660e3129e1cf9c84100d4d40ad70fb7c851fa",
        "D28bc760f0b80905ea199809aD7ebfc73ab12aeab0ad3ee2dd11990657d2d9eb",
        "E123d1f7cbea562237f7a5f50638d148fb58048c9ad095e0b0ad52e43bfedad0",
        "9682adf40a3621ffe5e1b426c5B90d0ed70e663738857bb4d18d37d93bbd4e6c",
        "3951533d56803cd5d708014b4Eed7e30349b4c4ba43f7d843133b3a5e2992ce6",
        "256b5b5d0524c442261028767B94f7188b0b81663b50c63300fca7733a04ea7d",
        "697ee941abee202d8e84e5e3fEd8b9f34eea8772ee56dc867fce017507a5eeaf",
        "37bcec9ba357a2cb13a4f0f910E40f01e33973a5d637a3487c298105ae1ff22b",
        "D81b98a69363d8d994ef553beEb5e15384ed32f0e343708b73c7e6b313b9aace",
        "86f8c0a92eb9aba3c3416667361652a9e11b6ddc1119bb5b3564bc107b950ddb",
        "Cf9bc0a3e01a7b466bc35dbf88563adf61c884ad5fb2b28afd1298a5f723f370",
        "F9a6911e8d9130c779db2e79f901d75d90f9e3ad08c36e7fb927959b7d988bae",
        "5d537a058ec19e6ceea593738F122b777d866042ea0bad194539757de13c46f4",
        "6b2218999ac27f6085cb02f693A3c99bd6abedfc20e00e22709e526015c89f4e",
        "C7691712d794d4ef582c591566bf5fda76a364b0bcdad315adbaaec8607ad0f3",
        "F2100e1f73477bc565f8909e069942dac1f884654ed4ba213ca9a84b1e761ab8",
        "D3f2464ae0e48218e1d48bdfab8301ee5236f7624adcdba1720dc27058461076",
        "14118a6070f89baafd5f2aeaf2dF7535a8053f99944453584f0d1efeb6501ac3",
        "B982fbafa954a8dcf7cfcffe31bcF75a86b052b1f01cf535ffcafd2c48a56b60",
        "29546a03e07bfeb3025313b12671c758ced1c4921a4bc859a7ab40ec52584cdb",
        "D4918dbf7ada4883d89a01dcf5332413b7773b12d0e479f2cf502e3245c93720",
        "A81ba29e550beae21fff69bfe0478249eb7078b173f9cf2040d74df299fc9d5b",
        "5f7680feccc15814299df3c3c11e9b1c4f33069aac5a19c03b87e15f30c2312b",
        "08a64523d7a05defb6cc5c87df340d76f9ef7ccc9623a0d338981be4cd9cd6c7",
        "77dd1dd9b12699c64ab31c0140b28c70339014a0969f3bb7a79068f5b8f3f34a",
        "Db533717da686f3b76b9de85eCd80d326a14572056a33d31f794bffbffd96c26",
        "F790346bece8e448313f701586Cc7fd18291dfda721aae8d86ebfacf14055645",
        "902cb8bfa3863df299ac804dc77e3e9366658b2b3c2ec5d3a1bdaf2e52520ce5",
        "Dba9908f63f5f32405f7a728f37979e743814532378cabc4f0e9f24c34197c60",
        "Ea595940815a11901bd99214b26d9528034f7182bd6c3bf2fe3179ac92e00afc",
        "2a5baf86a3e982eb557dffffabb619c9e80581d41cdc4b85b06367b588647a7d",
        "32e743d1e3957f35651a9d15a83bc128b82108c17b0fa64d63fa98b1d326fc9d",
        "D468983f98ff100ad8fd613315Af4c88d67bec76782b66b260c413c587987bf0",
        "Ef31bb219b84744e02f90947f31a25958b2b34524ed3795799ed6eff876e4bcd",
        "8b53f53f72b8fef755666b6f239C06a69a9940e1b9f5d19e022150750035fa80",
        "36a89f65fe2d693a094b51495f3a84d0f4f2ae7276649952d6f78c85282e6f6d",
        "7f69a67316872186fd440b4126a77c419f14b459542181c5e12feb49a223fd39",
        "790ff5cda1668e7aa390fbb1682a4d578195aa40542f64b7b6d56a6eccde12c9",
        "88d8ac22ea323842cd760d645Daea54043739d45a0fa61fd72fe5a5c9acb5e69",
        "Fdceafe4dcf9cf6d23b2033824275c08ec73d6b01adc644416e43ecca94c89c9",
        "226889380ca1695158cd42ba4B7d89352c4fa74010583669ac89ad69fdefd566",
        "1b5ca4d2b5eb23041da0f6effdC408d50768701d4140a21c9fbd244f9458d720")
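    As an added worked example (not part of the advisory and not Gurucul's query language), the script below applies a subset of the indicators from the queries above to constructed proxy-log lines and file-hash events: URLs are matched by host and by host+path with the query string dropped, and hashes are compared in lower case because the advisory's hash list mixes upper- and lower-case hex digits. The log line format and the sample events are assumptions made for the example.

```python
from urllib.parse import urlparse

# Subset of the advisory's indicators, copied as listed (including the mixed-case
# hex in the hash list, which is why hashes are normalised to lower case below).
IOC_URLS = [
    "https://whpayment.ru",
    "https://weedhack.to/dashboard/auth/login",
    "http://92.119.164.235/",
    "https://www.skytils.net/skytils-1.21.11.jar",
    "https://cdn.discordapp.com/atTachments/1480069398847819806/1484225086423699607/"
    "ThunderHack_NextGen-0.3.jar?ex=69ed9294&is=69ec4114&hm=cc730a4d8bf87f790362f6a4Cd95190f1289ebc43a5fac9cb2d41d0b435625fb&",
]
IOC_SHA256 = [
    "F2100e1f73477bc565f8909e069942dac1f884654ed4ba213ca9a84b1e761ab8",
    "B982fbafa954a8dcf7cfcffe31bcF75a86b052b1f01cf535ffcafd2c48a56b60",
]
# Shared services in the list (Discord CDN here; MediaFire, Pixeldrain and GitLab
# on the page) are matched on host+path only: a host-only rule would flag benign traffic.
SHARED_HOSTS = {"cdn.discordapp.com"}


def url_key(url):
    """(host, path) in lower case with query string and fragment dropped, so a
    Discord link whose ex=/is=/hm= signature parameters were re-issued still matches."""
    p = urlparse(url.strip())
    return (p.hostname or "").lower(), (p.path.lower().rstrip("/") or "/")


IOC_HOST_PATHS = {k for k in map(url_key, IOC_URLS) if k[1] != "/"}
IOC_HOSTS = {k[0] for k in map(url_key, IOC_URLS)} - SHARED_HOSTS
IOC_HASHES = {h.strip().lower() for h in IOC_SHA256}


def scan_proxy_log(lines):
    """Assumed line format: '<timestamp> <client_ip> <method> <url> <status>'.
    Returns (line_number, url, rule) per hit; a path hit takes priority over a host hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip it rather than abort the scan
        url = parts[3]
        host, path = url_key(url)
        if (host, path) in IOC_HOST_PATHS:
            hits.append((n, url, "ioc_path"))
        elif host in IOC_HOSTS:
            hits.append((n, url, "ioc_host"))
    return hits


def scan_hash_events(events):
    """events: iterable of (file_path, sha256) pairs; returns the pairs that match."""
    return [(f, h) for f, h in events if h.strip().lower() in IOC_HASHES]


# Constructed sample telemetry, not taken from the advisory.
SAMPLE_PROXY_LOG = [
    "2026-05-06T10:01:02Z 10.0.0.5 GET https://www.skytils.net/skytils-1.21.11.jar 200",
    "2026-05-06T10:01:09Z 10.0.0.5 GET https://WHPAYMENT.RU/ 200",
    "2026-05-06T10:02:31Z 10.0.0.7 GET https://cdn.discordapp.com/attachments/1480069398847819806/1484225086423699607/ThunderHack_NextGen-0.3.jar?ex=aaaa&is=bbbb&hm=cccc 200",
    "2026-05-06T10:03:00Z 10.0.0.7 GET https://www.minecraft.net/en-us/download 200",
    "garbage line",
]
SAMPLE_HASH_EVENTS = [
    (r"C:\Users\player\.minecraft\mods\skytils-1.21.11.jar",
     "f2100e1f73477bc565f8909e069942dac1f884654ed4ba213ca9a84b1e761ab8"),
    (r"C:\Users\player\.minecraft\mods\sodium.jar", "0" * 64),
]
```

On the sample data, lines 1 and 3 fire the path rule (the third despite its re-issued Discord signature parameters), line 2 fires the host rule despite the upper-case hostname, and only the skytils jar hash event matches.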

    Reference:    

    https://www.mcafee.com/blogs/other-blogs/mcafee-labs/weedhack-minecraft-malware-as-a-service-campaign-research/                       


    Tags

    Malware, Trojan, MaaS, SEO Poisoning, RAT, credential stealers, cryptocurrency, Keylogger, Stealer
