Rewterz

Rewterz Threat Alert – Formbook Malware Continues to target Victims via Phishing Emails

Severity

Medium

Analysis Summary

A new campaign is distributing the Formbook malware through phishing emails that masquerade as an order inquiry.


Attached to the email is a malicious Word document containing a heavily obfuscated macro. Once the macro is executed it launches PowerShell, which downloads and executes the file “cripted.exe”, the final-stage Formbook payload. PowerShell is also used to invoke the Microsoft .NET C# compiler (csc.exe) to compile additional code for the malware at run time, so that part of the malicious logic never arrives on disk as a pre-built binary. Formbook is a notorious information stealer sold on underground markets.
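The infection chain above (Word macro launching PowerShell, PowerShell invoking csc.exe, and PowerShell downloading and running cripted.exe) can be turned directly into detection logic. The following is an added example, not part of the Rewterz alert and not Formbook's own code: it takes Sysmon-style process-creation and network-connection events as JSON lines, flags the parent/child pairs named in the analysis, and matches the alert's IP and hash indicators. The log records are constructed for illustration; the field names follow Sysmon's (Image, ParentImage, Hashes, DestinationIp), and the file paths, port and encoded command line are assumptions.

```python
import json
from typing import Dict, List, Tuple

# Indicators taken from the alert above. The IP is stored defanged, exactly as
# published, and refanged before comparison.
IOC_IP_DEFANGED = "104[.]168[.]220[.]170"
IOC_HASHES = {
    "5e343cf889994324a4232666cab81a49a41aa99cb48e2efb1593a5c79e18010e",  # SHA256
    "8d644d27a9332b773dce7307b348c09e",                                  # MD5
    "c60270131a806ebc96998a610fb99194",                                  # MD5
}

# Parent -> child process pairs that reproduce the infection chain described in
# the analysis: Word macro -> PowerShell -> download/run cripted.exe, plus
# PowerShell driving the .NET C# compiler (csc.exe).
SUSPICIOUS_CHAINS = {
    ("winword.exe", "powershell.exe"): "Office macro launched PowerShell",
    ("powershell.exe", "csc.exe"): "PowerShell invoked the .NET C# compiler",
    ("powershell.exe", "cripted.exe"): "PowerShell executed the Formbook payload",
}


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 1[.]2[.]3[.]4 back into 1.2.3.4."""
    return ioc.replace("[.]", ".")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (C:\\x\\y.exe -> y.exe)."""
    return path.rsplit("\\", 1)[-1].lower()


def check_event(ev: Dict) -> List[str]:
    """Return the list of findings for one Sysmon-style event dict."""
    findings: List[str] = []

    # Event ID 1 (process creation): parent/child chain check.
    parent, child = basename(ev.get("ParentImage", "")), basename(ev.get("Image", ""))
    chain = SUSPICIOUS_CHAINS.get((parent, child))
    if chain:
        findings.append(f"process chain: {chain}")

    # Sysmon writes hashes as "MD5=...,SHA256=..."; match each value against the IOC set.
    for part in ev.get("Hashes", "").split(","):
        algo, _, value = part.partition("=")
        if value and value.lower() in IOC_HASHES:
            findings.append(f"known-bad hash ({algo}): {value.lower()}")

    # Event ID 3 (network connection): destination compared with the refanged IOC IP.
    if ev.get("DestinationIp") == refang(IOC_IP_DEFANGED):
        findings.append(f"connection to IOC address {ev['DestinationIp']}")

    return findings


def scan(log_lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Parse JSON log lines and return (line_number, findings) for every hit."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        findings = check_event(json.loads(line))
        if findings:
            hits.append((n, findings))
    return hits


# Constructed sample events in a Sysmon-like JSON shape (not real telemetry).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_LOG = [
    json.dumps({"EventID": 1, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "Image": PS, "CommandLine": "powershell.exe -w hidden -nop -enc SQBFAFgAIAA="}),
    json.dumps({"EventID": 3, "Image": PS, "DestinationIp": "104.168.220.170", "DestinationPort": 80}),
    json.dumps({"EventID": 1, "ParentImage": PS,
                "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"}),
    json.dumps({"EventID": 1, "ParentImage": PS,
                "Image": r"C:\Users\victim\AppData\Local\Temp\cripted.exe",
                "Hashes": "MD5=8D644D27A9332B773DCE7307B348C09E,"
                          "SHA256=5E343CF889994324A4232666CAB81A49A41AA99CB48E2EFB1593A5C79E18010E"}),
    json.dumps({"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Windows\System32\notepad.exe",
                "Hashes": "MD5=0000AAAA0000AAAA0000AAAA0000AAAA"}),
]

if __name__ == "__main__":
    for n, findings in scan(SAMPLE_LOG):
        print(f"line {n}: " + "; ".join(findings))
```

The process-chain rules are the durable part of this detection: the IP and hashes will rotate between campaigns, but a Word process spawning PowerShell, and PowerShell spawning csc.exe or a freshly downloaded executable from a user-writable directory, describe the technique rather than one sample, and should page an analyst even when no indicator matches.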

Impact

  • Credential theft
  • Exposure of sensitive information

Indicators of Compromise

IP(s) / Hostname(s)

104[.]168[.]220[.]170

Malware Hash (MD5/SHA1/SHA256)

  • 5e343cf889994324a4232666cab81a49a41aa99cb48e2efb1593a5c79e18010e (SHA256)
  • 8d644d27a9332b773dce7307b348c09e (MD5)
  • C60270131A806EBC96998A610FB99194 (MD5)

Remediation

  • Block all threat indicators at your respective controls (mail gateway, proxy/firewall, and endpoint protection), and search historical logs for the IP and hashes above to identify hosts that were already exposed.
  • Always be suspicious of emails sent by unknown senders, especially unsolicited order inquiries that carry an Office attachment.
  • Never click on links or open attachments sent by unknown senders, and do not enable macros in documents received by email.