Technical analysis by the Malware Hunter JAMESWT

The “Order Inquiry” mail conveys the Formbook. The xls attachment contains a script that activates the malware in memory. Objective: to steal sensitive data from victims

“Order Inquiry” is the subject of an email that cybercrime has spread to convey Formbook.

The xls attachment contains a script that activates the malware in memory.

Objective: to steal sensitive data from victims. Formbook, in fact, through the keylogger function, is able to acquire everything the user types. It can also steal email and browser credentials, as well as take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating those present.

Malware C2