2019-05-20 - MALSPAM PUSHES FORMBOOK

ASSOCIATED FILES:

  • 2019-05-19-malspam-pushing-Formbook-1807-UTC.eml   (323,861 bytes)
  • 2019-05-20-Formbook-infection-traffic.pcap   (2,416,560 bytes)
  • 2019-05-19-Formbook-malspam-email-attachment.rar   (235,629 bytes)
  • 2019-05-19-Formbook-EXE-extracted-from-malspam-attachment.exe   (471,040 bytes)
  • 2019-05-20-Windows-registry-update-to-keep-Formbook-persistent.txt   (578 bytes)

 

EMAIL


Shown above:  An example of Formbook malspam from Sunday, 2019-05-19.

 

TRAFFIC

 


Shown above:  Traffic from an infection filtered in Wireshark.

 

TRAFFIC FROM AN INFECTED WINDOWS HOST:

 

FILE HASHES

MALWARE RETRIEVED FROM MY INFECTED WINDOWS HOST:

 

IMAGES


Shown above:  Malware and artifacts from an infected Windows host.

 

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
