MarioShop - Phishing Kit Author

#MarioShop #PhishingKitAuthor #phishing #phishingkit
@Beeker51 documented an Adobe password stealing phishing kit that was created by MarioShop.
It may contain text like
    Created by Marioshop.us





It has a small number of files:
index.html
invalid.php
send.php
\index_files










index.html posts the password to invalid.php, which uses the jQuery capslockstate plugin (Copyright 2012 Jason Ellison) and in turn posts to send.php.


It uses base64-encoded images instead of referencing external sites.



@ActorExpose identical folder structure

folder structure

\index_files
\index.html 
\invalid.php (JavaScript code embedded in the PHP file; it uses the jQuery capslockstate plugin, Copyright 2012 Jason Ellison, and YUI 3.5.1, Copyright 2012 Yahoo)
   also has webshell code embedded, like this:
        eval(str_rot13(base64_decode('Pz48P3JwdWI....
\send.php (references ------------Created by Marioshop.us------------)
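
The indicators described above (the three-file layout with an index_files folder, the "Created by Marioshop.us" marker, and the eval(str_rot13(base64_decode( wrapper) can be checked across a web root or an unpacked archive. The Python below is an added example, not part of the original post or of anyone's tooling; the function names, labels and the constructed sample folder are assumptions.

```python
import re
import sys
from pathlib import Path

# Indicators taken from the write-up above.
KIT_FILES = {"index.html", "invalid.php", "send.php"}
KIT_SUBDIR = "index_files"
AUTHOR_TAG = re.compile(rb"Created by Marioshop\.us", re.I)
# Matches the obfuscation wrapper only; the payload is never decoded or executed.
WEBSHELL = re.compile(rb"eval\s*\(\s*str_rot13\s*\(\s*base64_decode\s*\(", re.I)


def check_folder(files, subdirs):
    """files: {name: bytes} of one folder, subdirs: its sub-folder names."""
    hits = set()
    names = {n.lower() for n in files}
    if KIT_FILES <= names and KIT_SUBDIR in {d.lower() for d in subdirs}:
        hits.add("layout")
    for name, data in files.items():
        if AUTHOR_TAG.search(data):
            hits.add("author_tag:" + name)
        if WEBSHELL.search(data):
            hits.add("webshell_wrapper:" + name)
    return sorted(hits)


def scan_tree(root):
    """Walk a web root or unpacked archive; return {folder: hits} for matches."""
    report = {}
    for folder in [Path(root), *(p for p in Path(root).rglob("*") if p.is_dir())]:
        entries = list(folder.iterdir())
        files = {p.name: p.read_bytes() for p in entries
                 if p.is_file() and p.suffix.lower() in {".php", ".html", ".htm"}}
        hits = check_folder(files, [p.name for p in entries if p.is_dir()])
        if hits:
            report[str(folder)] = hits
    return report


# Constructed sample folder (not real kit content) used as a self-check.
SAMPLE = {
    "index.html": b"<form action='invalid.php' method='post'></form>",
    "invalid.php": b"<?php eval(str_rot13(base64_decode('Q09OU1RSVUNURUQ='))); ?>",
    "send.php": b"<?php // ------------Created by Marioshop.us------------ ?>",
}

if __name__ == "__main__":
    print(check_folder(SAMPLE, ["index_files"]))
    print(scan_tree(sys.argv[1]) if len(sys.argv) > 1 else "pass a folder to scan")
```

The layout match alone is weak, since index.html and send.php are common names; treat a folder as a likely hit when the layout appears together with the author tag or the wrapper.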






example 1
md5 2b588c77eae4f03ddd3dc1a1a306bde3
https://www.virustotal.com/#/file/2bb198265a158290c0474f4844a2d958295e9bc20f3e6ba0bd8f2b6b3b2c57bc/detection
http://eig-kristinjangro.com/document/Done.zip



References
https://twitter.com/Beeker51/status/1117574287928516610


example 2:
md5 cc0ff528f8899a28060c3f49ea289692
https://www.virustotal.com/gui/file/c24627e11a1bc373ee9438304d58cfd5042ff1efe621642a6886400ebd3e8982/details
miniawy[.]com
