

VMware Releases Patches for Cloud Foundation, vSphere ESXi, and vCenter Server
June 18, 2024
Multiple Palo Alto Networks Vulnerabilities
June 19, 2024
VMware Releases Patches for Cloud Foundation, vSphere ESXi, and vCenter Server
June 18, 2024
Multiple Palo Alto Networks Vulnerabilities
June 19, 2024Severity
Medium
Analysis Summary
FormBook is an infostealer malware that was first identified in 2016. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, and downloads, and executes stealthier malware in response to orders from a command-and-control server (C2).
Formbook is known for its versatility, as it can be customized to target specific systems or applications. It is also designed to evade detection by security software, using techniques such as code obfuscation and encryption.
It disguises its original payload and injects itself into legitimate processes to avoid detection and complicate the removal process. The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office Documents, ZIP, RAR, etc. This malware was used by cyber threat actors to attack Ukrainian targets in 2022 during the conflict between Russia and Ukraine. Currently, it is believed that the virus known as XLoader is Formbook's successor.
To protect against Formbook and other malware, it is important to keep software up-to-date, use strong passwords, and be cautious when downloading software or opening email attachments. Antivirus and anti-malware software can also help detect and remove Formbook infections.
Impact
- Credential Theft
- Data Theft
- Keystroke Logging
Indicators of Compromise
MD5
- 02e07416de23472dfcc5a97ea6c94fab
- 616b848d17252f7dae4de86383d25bee
- 47b6f5c41eac8d907383975519acd23f
- 361a4169a2fd7a72f3e2c10d6010fab4
- ec1e93e43b77eb8592ca10f44c8ace85
- fe70e8783eb1837c5c28cc082ee749a8
- a494e3769a2f84e1338583c536444d2b
SHA-256
- 2921703b5b2148ca96cc58270ac0adeaa7842687c1c05b09cf439940d1ce43e9
- bfad1fc041e176f9335d91cc4480e2c373d29354a33f5039212afe9e6d879978
- c73a128c7037b9e0a9a545bcf51c3ca925d2d436caa1c2953f9807cae73de26c
- a63797919b66fc30d94d53f8b70851e6c855a83a166352b2cfba26869c585ea3
- c2c188b3ff0f0b7b0da1cb5f01ce78291e8094d7509ec04c18de72e3ebb57564
- cfd4324de6c91dbfea652dd783df83e562bbb9977664d8f0534aeb40bb41fa1d
- 377df318502b404bf7b0a8cb059aa3eba749e06b366e13c393ebfd588b4a6b7b
SHA1
- c309be3db34b541f5b32bb0b811b8eea8b819a3d
- 797200ae77088b2c2f842bf48e73cfd46085b81b
- 2350d6620178aa2afe7fed95155d9eeacb01b20f
- 10af68a54129849bb48785bff098343dc1d72df7
- 6fa67794a3ef0dbedb314b4f919104888bf1cfbf
- 1d5a5a72cb1fa624307f4420d50db27e11cc06fe
- 50e68f707dce4a35bd6a140efbe33c26c780f0ae
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Enable two-factor authentication (2FA) on your accounts adds an extra layer of security and can help prevent unauthorized access even if your login credentials have been stolen.
- Regularly backing up your important data can help ensure that you don't lose any critical information in the event of a malware infection or other data loss event.
- Be wary of emails, attachments, and links from unknown sources. Also, avoid downloading software from untrusted sources or clicking on suspicious ads or pop-ups.
- Make sure all of your software, including your operating system and applications, is up-to-date with the latest security patches. This can help prevent vulnerabilities that could be exploited by malware.