The message gz attachment contains an exe file: the malware itself. Stolen data is exfiltrated via FTP.
Technical analysis by the Malware Hunter JAMESWT
New wave of the invoice-themed Formbook campaign. The email .tar attachment contains an exe file: the malware itself
New wave of the global Formbook campaign via false invoice.
The email .tar attachment contains fin exe files: the malware itself. This, if opened, starts the chain of infection. The goal of cybercrime is to steal sensitive data from victims. Formbook, in fact, through the keylogger function, is able to acquire everything the user types. It can also steal email and browser credentials, as well as take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating those present.