Pulse: Facebook Advertising Spreads Novel Malware Variant
TLP: WHITE | Liu Kong toporokis | Created: 2024-02-07 | Modified: 2024-03-08
In early December, Trustwave SpiderLabs discovered a new malware, Ov3r_Stealer, designed to steal credentials and cryptocurrency wallets. The initial attack vector was a weaponized PDF file distributed through Facebook ads. Once executed, the malware establishes persistence and exfiltrates the collected data to a Telegram channel. Ov3r_Stealer shares code similarities with Phemedrone, an open-source stealer written in C#. The investigation also uncovered links between the threat actors and hacking forums where malware is developed and cracked software is shared.
MITRE ATT&CK techniques: (none listed on the pulse)
Malware families: Ov3r_Stealer, Phemedrone
Indicators of Compromise (150)
TYPE    INDICATOR         DESCRIPTION    CREATED
CVE     CVE-2023-38831                   2024-02-07