Pulse name: Facebook Advertising Spreads Novel Malware Variant
TLP: WHITE. Created by Liu Kong toporokis on 2024-02-07; modified 2024-03-08.
150 IOCs (high volume)
In early December 2023, Trustwave SpiderLabs discovered a new information stealer named Ov3r_Stealer, designed to steal credentials and cryptocurrency wallets. The initial attack vector was a weaponized PDF file distributed via Facebook advertisements. Once executed, the malware establishes persistence and exfiltrates the harvested data to a Telegram channel. It shares code similarities with Phemedrone, an open-source stealer written in C#. The investigation also uncovered links between the threat actors and hacking forums where malware is developed and cracked software is shared.
MITRE ATT&CK & Malware Families
ATT&CK techniques:
Malware families: Ov3r_Stealer, Phemedrone
Indicators of Compromise (52 of 150 shown)
Indicator types present in the pulse: CVE, FileHash-MD5, FileHash-SHA1, FileHash-SHA256, URL, domain, email
TYPE            INDICATOR                          DESCRIPTION   CREATED
FileHash-MD5 010fb68e7589b24c1da35f9533f84bf8 2024-02-07
FileHash-MD5 02bc92c06bd8bef8d15c410fa457b89d 2024-02-07
FileHash-MD5 060d92492f06174c81d1707bb5961c35 2024-02-07
FileHash-MD5 08c16f5196aaeacdcc46f10e82e7c47b 2024-02-07
FileHash-MD5 092566470d8f8ffd8e0e70c34229882e 2024-02-07
FileHash-MD5 0c33eafc7d9cb3abf6048ca98a5d2db9 2024-02-07
FileHash-MD5 1006ad7046f065da16102c3cb5e6bcb9 2024-02-07
FileHash-MD5 1210c904bb5986a63605a29cc54c47d9 2024-02-07
FileHash-MD5 15a38db72e97b9f5b5a5737dd23571bd 2024-02-07
FileHash-MD5 24da08be82f439c3230d0b16b275902f 2024-02-07
FileHash-MD5 3b33cead1847d254bb4d0e614c32a9b8 2024-02-07
FileHash-MD5 3c490e342c30710834f21cbdadf80897 2024-02-07
FileHash-MD5 43412a035847649c4fb2daa6de336d86 2024-02-07
FileHash-MD5 477c0ed261ad6db5eb250b0efccf963a 2024-02-07
FileHash-MD5 48a2fca4599cd29531cb62cfb5534478 2024-02-07
FileHash-MD5 4a328bdd8568261a14ebfff4eb6ffd2f 2024-02-07
FileHash-MD5 4afa1df89ec91d1e81020b9f42da43dc 2024-02-07
FileHash-MD5 534f90adf294faf90a293abfc4ac2f26 2024-02-07
FileHash-MD5 58c966c06d908017264506dbe2dd7e45 2024-02-07
FileHash-MD5 5c2dc3e1af236cafc798c517414be70d 2024-02-07
FileHash-MD5 5d39a9e99b58faf99cae275723c9168e 2024-02-07
FileHash-MD5 65367d9e4f93700cdeab9af35559220e 2024-02-07
FileHash-MD5 739ede4370b88e60a1d872a1735f3923 2024-02-07
FileHash-MD5 7f6fff7a288e53c8d2400140eb88d0b7 2024-02-07
FileHash-MD5 84ecef7410ea267b103f21ad14bc7fb0 2024-02-07
FileHash-MD5 8791b4003e5ae1cab92600667b2a761b 2024-02-07
FileHash-MD5 88e38e212591ffaf3c3400b22b8988d6 2024-02-07
FileHash-MD5 8904d6ad569095ef6fb1dab561edc420 2024-02-07
FileHash-MD5 8ab90b8cb6e7b2f04e132cc58a2f5b99 2024-02-07
FileHash-MD5 905430fd2cba63713c5d5f625bc6fe5f 2024-02-07
FileHash-MD5 906509861bd74330c15f3c669b0a4c04 2024-02-07
FileHash-MD5 9cbed436d083dd76efcdfee8cbb4bafa 2024-02-07
FileHash-MD5 a7de3969e3f09f2b076d67a3daf9edad 2024-02-07
FileHash-MD5 a8fd240af0ab05e5496afb0d6df0223c 2024-02-07
FileHash-MD5 af0ce315ea226f4b07d7e3fac1b69846 2024-02-07
FileHash-MD5 b042b2a8981a94b7afe680d94808e9f8 2024-02-07
FileHash-MD5 b6627a1ba0ff5b3352990518bda0f2d5 2024-02-07
FileHash-MD5 b8e3dbe739e9f09ebb5fd20740c0b7ca 2024-02-07
FileHash-MD5 bcbce22d8b56f857429a83c40551c8bf 2024-02-07
FileHash-MD5 be4374488e218bf1915395b84d6c07b5 2024-02-07
FileHash-MD5 c6bfdeed6ebec0917e665349ba4cc83b 2024-02-07
FileHash-MD5 c86f71dafb6589dc711dd2bc27373f5a 2024-02-07
FileHash-MD5 c90b04b9184f91575d4f12320b4a65ab 2024-02-07
FileHash-MD5 d06e91a847f4303ca417ec131ac8c038 2024-02-07
FileHash-MD5 e07a3cd4e1d663e2f94baa5d4ff1b28b 2024-02-07
FileHash-MD5 eaa6f5129a23cb51029615b68a9ca792 2024-02-07
FileHash-MD5 ee463be74f3ae743f11a97fd009eef63 2024-02-07
FileHash-MD5 f424e8b32ca6ad7153f706ed1a0bc0af 2024-02-07
FileHash-MD5 f52c10457c584f1b136fd7922a565c32 2024-02-07
FileHash-MD5 fbf7e29cb108587f5abbf6b7f91a1ddd 2024-02-07
FileHash-MD5 fe7b790b033aa60212249a2c47891041 2024-02-07
FileHash-MD5 ff5ca0f3559c69326ac32d191c4e2380 2024-02-07
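The table above shows only MD5 rows, and only 52 of the pulse's 150 indicators. The Python script below is an added example, not part of the OTX pulse or of Trustwave's report: it parses indicator rows in the plain-text layout used above into per-type hash sets (lower-casing the hex and dropping rows whose digest length does not fit the declared type), then sweeps a directory, hashing each file once and comparing the result against MD5, SHA1 and SHA256 indicators in the same pass. The embedded sample text is constructed from the table header plus three MD5 rows copied from the table; because no benign file can be made to match the pulse's hashes, the demo writes a benign file and plants its own MD5 into the indicator set to show a hit. The function names (parse_indicators, file_digests, sweep, demo) are the example's own.

```python
"""Sweep a directory for files matching the pulse's file-hash indicators.

Added example; not code from the OTX pulse or from Trustwave SpiderLabs."""
import hashlib
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Set, Tuple

# Expected hex-digest length for each OTX file-hash indicator type.
HASH_LENGTHS = {"FileHash-MD5": 32, "FileHash-SHA1": 40, "FileHash-SHA256": 64}
INDICATOR_RE = re.compile(r"^(FileHash-(?:MD5|SHA1|SHA256))\s+([0-9A-Fa-f]+)\b")

# Constructed sample input: the table header plus three MD5 rows copied verbatim
# from the pulse table above. In practice, paste the whole table or use the OTX export.
SAMPLE_PULSE_TEXT = """\
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 010fb68e7589b24c1da35f9533f84bf8 2024-02-07
FileHash-MD5 02bc92c06bd8bef8d15c410fa457b89d 2024-02-07
FileHash-MD5 060d92492f06174c81d1707bb5961c35 2024-02-07
"""


def parse_indicators(text: str) -> Dict[str, Set[str]]:
    """Return {indicator_type: set of lowercase hex digests} for the file-hash rows.

    Rows whose digest length does not match the declared type are dropped; this
    catches the usual copy-paste defect of a SHA1 pasted under an MD5 heading."""
    out: Dict[str, Set[str]] = {kind: set() for kind in HASH_LENGTHS}
    for line in text.splitlines():
        match = INDICATOR_RE.match(line.strip())
        if not match:
            continue  # header line, blank line, or a URL/domain/email row
        kind, value = match.group(1), match.group(2).lower()
        if len(value) == HASH_LENGTHS[kind]:
            out[kind].add(value)
    return out


def file_digests(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA1 and SHA256 of one file in a single streaming pass, so the
    SHA1/SHA256 indicators the pulse also carries are matched from the same read."""
    hashers = {
        "FileHash-MD5": hashlib.md5(),  # not collision-resistant, but fine for matching a known sample
        "FileHash-SHA1": hashlib.sha1(),
        "FileHash-SHA256": hashlib.sha256(),
    }
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {kind: hasher.hexdigest() for kind, hasher in hashers.items()}


def sweep(root: Path, indicators: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Walk `root` and return (path, indicator_type, digest) for every file whose
    digest appears in `indicators`. Unreadable files are skipped rather than fatal."""
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in sorted(filenames):
            path = Path(dirpath) / name
            try:
                digests = file_digests(path)
            except OSError:
                continue
            for kind, value in digests.items():
                if value in indicators.get(kind, set()):
                    hits.append((str(path), kind, value))
    return hits


def demo() -> Dict[str, object]:
    """Stand-alone run on constructed data. A benign file is written and its own MD5
    is planted into the indicator set (no benign file can match the pulse's hashes);
    the sweep must then flag exactly that file and leave the other file alone."""
    indicators = parse_indicators(SAMPLE_PULSE_TEXT)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean.txt").write_bytes(b"constructed clean file")
        planted = root / "suspect.bin"
        planted.write_bytes(b"constructed file standing in for a stealer sample")
        planted_md5 = hashlib.md5(planted.read_bytes()).hexdigest()
        indicators["FileHash-MD5"].add(planted_md5)
        hits = sweep(root, indicators)
    return {"md5_count": len(indicators["FileHash-MD5"]), "planted_md5": planted_md5, "hits": hits}


if __name__ == "__main__":
    for hit_path, hit_kind, hit_digest in demo()["hits"]:
        print(f"MATCH {hit_kind} {hit_digest} {hit_path}")
```

A match on one of these hashes identifies a specific sample Trustwave analysed, not the family: repacking or rebuilding the stealer changes every digest, so treat the list as a retrospective check for known samples rather than as detection coverage for Ov3r_Stealer. When adding indicators of your own, record the SHA256 (which the pulse also carries) rather than relying on MD5 alone.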