Rewterz Threat Alert – FormBook Malware – Active IOCs

Severity

Medium

Analysis Summary

FormBook is an infostealer malware that was first identified in 2016. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, and downloads, and executes stealthier malware in response to orders from a command-and-control server (C2). It disguises its original payload and injects itself into legitimate processes to avoid detection and complicate the removal process. The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office Documents, ZIP, RAR, etc. This malware was used by cyber threat actors to attack Ukrainian targets in 2022 during the conflict between Russia and Ukraine. Currently, it is believed that the virus known as XLoader is Formbook’s successor.

Impact

• Credential theft
• Keystroke logging
• Data Theft

Indicators of Compromise

MD5

• 0b1be21b3b22cbe8dcfb7a82f1ba9386
• 3cff84e243957c2dba7a7a0fbc6101e0
• 83cabd4d14868ed8fcdc8eb74758086a
• 8424122b45bd82aa6139bf6837345f3a
• b5eec08eec9efa119e2f9949af7e1a77

SHA-256

• a48809d2b7ad12294202d50f412d48e3daf3d9b7e134e3060ce3eca0b6be47ba
• e8c840c6da88bc986e650556d0675c967e1e8b1b43a538d4673f9915ba236653
• f34e497fe687084d19758d9de0549153a47882dae06f4290ef8c57f656dbc53a
• 29f937f5b4b59c8332548e8e5db00239608eafbcb63d026ed9a7d39e2acbb126
• 7bf0823fc68f393a6012fd33b5dc5fb0f0ee74f95e58d7948eafe5cb1610322d

SHA-1

• 38a27c0e235b22772b1b6c7a0014e963a27227ba
• 3a4d71c69b63a7b9e4cf2adf8c215b39dae6819f
• 75a6eca4371b281b907422e676d4679f2d54d7b2
• 5466d52a9c1e7bfdc17e371b66e5e178af42116e
• 26e38155ac1efa077a432d2d0f9385e0759059bb

Remediation

• Block all threat indicators at your respective controls.
• Search for IOCs in your environment.