
Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems

Published 23/04/2026 21:25 · Modified 27/04/2026 14:41


Essential information

Published: 23/04/2026 21:25
Modified: 27/04/2026 14:41
Source / Author: AlienVault
Confidence: 100/100
Report type(s): threat-report
Labels / Tags: cryptocurrency, drainer-as-a-service, etherrat, miolab, smart-contract-abuse, stepdrainer, wallet-phishing
Tags: 2026-04-23, cryptocurrency, drainer-as-a-service, etherrat, miolab, smart-contract-abuse, stepdrainer, wallet-phishing
Related entities: 31 indicators, 31 observables, 19 techniques (mitre), 4 malware, 19 others

Description

Cybercriminals are merging traditional malware operations with -focused attacks, creating hybrid threat ecosystems. Modern crypto drainers have evolved into automated systems capable of extracting assets across multiple blockchains with minimal user interaction, supported by well-developed underground marketplaces offering kits. Two case studies exemplify this convergence: operates as a multichain platform that abuses Web3Modal and smart contract methods across over 20 blockchain networks, using AI-themed lures and polished interfaces to deceive victims into connecting wallets. represents a hybrid Windows implant delivered through trojanized TFTP installers, combining traditional RAT capabilities with blockchain-aware functionality including Ethereum RPC endpoints and embedded wallet addresses. Both threats demonstrate how theft infrastructure now intersects with mainstream attack surfaces affecting enterprise envir...

External references