Infostealer Malware FormBook Spread via Phishing Campaign – Part I

    Date: 04/23/2025

    Severity: Critical 

    Summary

    We observed a phishing campaign in the wild distributing a malicious Word document attachment crafted to exploit the CVE-2017-11882 vulnerability. Upon deeper analysis, we identified that the campaign was delivering a new variant of the FormBook malware. FormBook is an info-stealer targeting Windows systems, designed to harvest sensitive data such as stored credentials, keystrokes, screenshots, and clipboard content from infected devices.

    Indicators of Compromise (IOC) List

    Domains/URLs:

    https://www2.0zz0.com/2025/02/02/10/709869215.png

    Hashes (SHA-256):

    93CF566C0997D5DCD1129384420E4CE59764BD86FDABAAA8B74CAF5318BA9184

    7C66E3156BBE88EC56294CD2CA15416DD2B18432DEEDC024116EA8FBB226D23B

    2E73B32D2180FD06F5142F68E741DA1CFF1C5E96387CEBD489AD78DE18840A56

    6AC778712DFFCE48B51850AC34A846DA357BE07328B00D0B629EC9B2F1C37ECE

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Domains/URLs:

    domainname like "https://www2.0zz0.com/2025/02/02/10/709869215.png" or url like "https://www2.0zz0.com/2025/02/02/10/709869215.png" or siteurl like "https://www2.0zz0.com/2025/02/02/10/709869215.png"

    Hashes (SHA-256):

    sha256hash IN ("7C66E3156BBE88EC56294CD2CA15416DD2B18432DEEDC024116EA8FBB226D23B","2E73B32D2180FD06F5142F68E741DA1CFF1C5E96387CEBD489AD78DE18840A56","93CF566C0997D5DCD1129384420E4CE59764BD86FDABAAA8B74CAF5318BA9184","6AC778712DFFCE48B51850AC34A846DA357BE07328B00D0B629EC9B2F1C37ECE")
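    As an added example (not Gurucul's TDIR code and not part of the original advisory), the following Python applies the same URL and hash matching to a few constructed log records. Field names follow the queries above; the domain check compares the host portion of the IOC URL so that a bare domainname field can match, and hashes are compared case-insensitively because telemetry often stores them in lowercase.

```python
"""Match the advisory's IOCs against constructed sample log records.

Added example: the record field names (sha256hash, url, siteurl,
domainname) follow the TDIR queries above; the log records themselves
are constructed for this illustration, not real telemetry.
"""
from urllib.parse import urlsplit

IOC_URL = "https://www2.0zz0.com/2025/02/02/10/709869215.png"
IOC_SHA256 = {
    "93CF566C0997D5DCD1129384420E4CE59764BD86FDABAAA8B74CAF5318BA9184",
    "7C66E3156BBE88EC56294CD2CA15416DD2B18432DEEDC024116EA8FBB226D23B",
    "2E73B32D2180FD06F5142F68E741DA1CFF1C5E96387CEBD489AD78DE18840A56",
    "6AC778712DFFCE48B51850AC34A846DA357BE07328B00D0B629EC9B2F1C37ECE",
}
# Host part of the IOC URL, used for records that only carry a domain.
IOC_HOST = urlsplit(IOC_URL).hostname  # "www2.0zz0.com"

# Constructed sample records (hostnames and values are made up).
SAMPLE_LOGS = [
    {"host": "ws-01", "sha256hash": "7c66e3156bbe88ec56294cd2ca15416dd2b18432deedc024116ea8fbb226d23b"},
    {"host": "ws-02", "url": "https://www2.0zz0.com/2025/02/02/10/709869215.png"},
    {"host": "ws-03", "domainname": "WWW2.0zz0.com"},
    {"host": "ws-04", "url": "https://example.org/index.html", "sha256hash": "00" * 32},
]


def match_record(rec):
    """Return the reasons a record matches the advisory IOCs (empty list if none)."""
    reasons = []
    digest = rec.get("sha256hash", "").strip().upper()
    if digest in IOC_SHA256:
        reasons.append("sha256hash=" + digest)
    for field in ("url", "siteurl"):
        value = rec.get(field, "").strip()
        if value == IOC_URL:
            reasons.append(field + "=" + value)
    domain = rec.get("domainname", "").strip().lower()
    if domain == IOC_HOST:
        reasons.append("domainname=" + domain)
    return reasons


def scan(logs):
    """Return (host, reasons) for every record that matches at least one IOC."""
    hits = []
    for rec in logs:
        reasons = match_record(rec)
        if reasons:
            hits.append((rec["host"], reasons))
    return hits
```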

    Reference:    

    https://www.fortinet.com/blog/threat-research/infostealer-malware-formbook-spread-via-phishing-campaign-part-i


    Tags

    Malware, Threat Actor, FormBook, Phishing, CVE-2017, Exploit


