AdsExhaust, a Newly Discovered Adware Masquerading Oculus…

June 24, 2024, 4:52 p.m.

Description

In June 2024, the eSentire Threat Response Unit (TRU) identified adware, which we have dubbed AdsExhaust, being distributed through a fake Oculus installer application. The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes.

Date

  • Created: June 24, 2024, 4:35 p.m.
  • Published: June 24, 2024, 4:35 p.m.
  • Modified: June 24, 2024, 4:52 p.m.

Indicators


Attack Patterns

  • TA0011
  • T1566
  • T1059