Files packaged with Excel-DNA from which a dll containing 2 urls pointing to Discord is extracted. These download data files and encode them with XOR creating additional DLLs, which initiate the malware infection.
Technical analysis by the Malware Hunter JAMESWT
New Formbook campaign via “partial payment”. The rar attachment contains a COM executable, the malware itself. Objective: to steal sensitive data from victims
New Formbook campaign via “partial payment”.
The email contains a compressed attachment in rar format with a COM executable file inside: the malware itself. This, if opened, starts the chain of infection. The goal of cybercrime is to steal sensitive data from victims. Formbook, in fact, through the keylogger function, is able to acquire everything the user types. It can also steal email and browser credentials, as well as take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating those present.