A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, RFQ from Thailand via China carries Formbook
RFQ from Thailand via China conveys Formbook. The email gz attachment contains an exe file: the malware
An RFQ from Thailand and a false report from China are the baits for a new Formbook campaign.
The gz attachment contains an exe file: the malware. Formbook, through the keylogger function, is able to acquire everything that the user types. Furthermore, it can steal email and browser credentials as well as take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.