A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, even Formbook uses the Chinese box trick
Formbook also uses the Chinese box trick. The “AEL-ADANI.ace” attachment of an order-themed email contains the “out.ace” file with the “AEL-ADANI” exe inside: the malware
Even Formbook, after AgentTesla, uses the Chinese box trick in a new “Order” themed campaign.
The “AEL-ADANI.ace” attachment contains the “out.ace” file with the “AEL-ADANI” exe inside: the malware. Formbook, through the keylogger function, is able to acquire everything that the user types. Furthermore, it can steal email and browser credentials as well as take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
Malware C2
Related Posts
