February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Nefilim/Nephilim Ransomware Campaign
June 22, 2020
Analysis on Sidewinder APT Group – COVID-19
June 22, 2020Rewterz Threat Alert – Nefilim/Nephilim Ransomware Campaign
June 22, 2020Analysis on Sidewinder APT Group – COVID-19
June 22, 2020
Severity
Medium
Analysis Summary
FormBook is an information-stealer malware that has been active since 2016. The info-stealer malware’s capabilities include stealing credentials, capturing screenshots of victim’s desktop, monitoring clipboard, keystroke logging, clearing browser cookies, downloading and executing files, uploading and removing bots, launching commands via ShellExecute, downloading and unpacking ZIP archive, rebooting and shutting down the system. The attackers behind these email campaigns used a variety of distribution techniques to deliver the FormBook info-stealer, including PDFs, Office Documents, ZIP, RAR, ACE or ICO attachments, as well as shortened URLs.
Impact
- Credential theft
- Keystroke logging
- Clear browser cookies
- System Reboot
- Exposure of sensitive data
Indicators of Compromise
MD5
- 0971748597ae1adb6249e6c3c05331b3
- 6e3f42e727b0ce5defb1e7ef7a5c7719
SHA-256
- 1b2ffcf595970b69b94816a16890b7f0664f00dfea87fbc0df5abe453baedd41
- 7d7ed3c072fa7c497d96ae8559d877713278100e6e221bb913878665088965fa
SHA1
- 6d33e943c68fd6ae65aea72b500277fdf73265d7
- 116fcb450a2898e18e531da48a43f825fa2a9f27
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.