Maxi Throne - Phishing Kit Author
#MaxiThrone #PhishingKitAuthor #phishing #phishingkit
Maxi Throne creates phishing kits that seem targeted at Dropbox passwords.
The kit may contain text like:
Maxi Throne [.] COM
The file structure may look like this:
\.htaccess
\email.php
\email2.php
\emailerror.php
\kancha.php
\Processing.php
\redirt.php (a misspelling of "redirect")
There is an instructional file, "note.txt", that says "change your result email in email.php, email2.php, emailerror.php".
The kit contains a PHP geo-lookup library:
\geoplugin.class.php (geoPlugin (gp_support@geoplugin.com))
It also has a sub-folder:
\images\a1.png
\images\a2.png
\images\a3.png
\images\a4.png
\images\a5.png
\images\a6.png
\images\a7.png
\images\a8.png
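As an added example (not part of the kit or of the original post), the file layout above can be turned into a simple check over a ZIP directory or a web-root file listing. The function names, the choice of which names count as distinctive, and the `sample_kit/` folder are assumptions made for this sketch.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File names exactly as listed in this post's description of the kit.
KIT_FILES = [".htaccess", "email.php", "email2.php", "emailerror.php",
             "kancha.php", "Processing.php", "redirt.php", "note.txt",
             "geoplugin.class.php"] + [f"images/a{i}.png" for i in range(1, 9)]
EXPECTED = {n.lower() for n in KIT_FILES}
# Names unusual enough to be worth flagging on their own (assumption).
DISTINCTIVE = {"redirt.php", "kancha.php"}


def score_listing(names):
    """Compare archive or web-root paths with the kit layout.

    Returns (matched, total, distinctive_hits). The kit can sit under any
    parent folder, so only the file name and parent/file name are compared.
    """
    seen = set()
    for name in names:
        parts = PurePosixPath(name.replace("\\", "/").lower()).parts
        if parts:
            seen.add(parts[-1])
            seen.add("/".join(parts[-2:]))
    return len(EXPECTED & seen), len(EXPECTED), sorted(DISTINCTIVE & seen)


def score_zip(data):
    """Score a ZIP given as bytes; only the directory is read, nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return score_listing(zf.namelist())


def build_sample():
    """Constructed sample: empty files with the kit's names under 'sample_kit/'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in KIT_FILES + ["index.html"]:
            zf.writestr("sample_kit/" + n, b"")
    return buf.getvalue()


if __name__ == "__main__":
    matched, total, hits = score_zip(build_sample())
    print(f"{matched}/{total} kit file names present; distinctive: {hits}")
```

Common names such as email.php or images/a1.png match on ordinary sites too, so treat a low count without a distinctive hit as noise.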
Example 1
MD5: 854e496ef1e921a216c6216cdee4c67d
https://www.virustotal.com/#/file/39ed77f000e7b594ee6e7ede3af68514999e93fb1078cf3880df09b4eaccbc05/detection
https://varalakshmisago.com/wp-includes/images/Drop_b.zip
References
https://app.any.run/tasks/8e44749d-ea30-412a-be92-8cc0fb0b04f4/ ( codiendogiaphat[.]com )
https://app.any.run/tasks/d1e88266-9a95-42fe-bfed-6f4dae8c0869/ (www.breitburd[.]com)
https://app.any.run/tasks/8cdc5e2c-e665-451e-aa20-3f061bc8feb2/ (whitewhale.syeanaa[.]com)