CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign [Monday, January 15, 2024]

Report

Description :
Trend Micro covers the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen bypass vulnerability, for defense evasion and investigates the malware's payload.

Published: 2024-01-15 10:19:14
Created: 2024-01-15 10:19:14
Modified: 2024-01-15 10:28:12

Indicators

IPv4s :
  • 51.79.185.145
URLs :
  • http://51.79.185.145/pdf/data3.zip/pdf3.cpl
  • http://51.79.185.145/pdf/data.zip/docusign_pdf.cpl
  • http://51.79.185.145/pdf/data1.zip/pdf1.cpl
  • http://51.79.185.145/pdf/data2.zip/pdf2.cpl
  • http://51.79.185.145/pdf/kay.zip/kay.cpl
  • http://51.79.185.145/pdf/data4.zip/pdf4.cpl
Malwares :
  • Phemedrone
Hashes :
About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
