Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part II | FortiGuard Labs
Tags
cmtmf-attack-pattern: | Native Code |
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data, Clipboard Data - T1414, Cmstp - T1218.003, Malware - T1587.001, Malware - T1588.001, Msiexec - T1218.007, Phishing - T1660, Phishing - T1566, Powershell - T1059.001, Python - T1059.006, Rundll32 - T1218.011, Tool - T1588.002, Clipboard Data - T1115, Cmstp - T1191, Powershell - T1086, Rundll32 - T1085 |
Common Information
Type | Value |
---|---|
UUID | f45c5e06-ece0-4d79-8bcd-341e0a5b2727 |
Fingerprint | 6d06cb51e8064451 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | April 21, 2021, midnight |
Added to db | Sept. 26, 2022, 9:30 a.m. |
Last updated | Nov. 17, 2024, 10:40 p.m. |
Headline | Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part II |
Title | Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part II | FortiGuard Labs |
Detected Hints/Tags/Attributes | 67/3/112 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | File | 13 | | addinprocess32.exe |
Details | File | 533 | | ntdll.dll |
Details | File | 748 | | kernel32.dll |
Details | File | 229 | | advapi32.dll |
Details | File | 30 | | vmwareuser.exe |
Details | File | 13 | | vmwareservice.exe |
Details | File | 42 | | vboxservice.exe |
Details | File | 44 | | vboxtray.exe |
Details | File | 9 | | sandboxiedcomlaunch.exe |
Details | File | 8 | | sandboxierpcss.exe |
Details | File | 74 | | procmon.exe |
Details | File | 29 | | filemon.exe |
Details | File | 71 | | wireshark.exe |
Details | File | 19 | | netmon.exe |
Details | File | 3 | | prl_tools_service.exe |
Details | File | 9 | | prl_cc.exe |
Details | File | 74 | | vmtoolsd.exe |
Details | File | 14 | | vmsrvc.exe |
Details | File | 14 | | vmusrvc.exe |
Details | File | 65 | | python.exe |
Details | File | 8 | | perl.exe |
Details | File | 22 | | regmon.exe |
Details | File | 51 | | ipconfig.exe |
Details | File | 1260 | | explorer.exe |
Details | File | 56 | | iexplorer.exe |
Details | File | 271 | | chrome.exe |
Details | File | 87 | | skype.exe |
Details | File | 173 | | outlook.exe |
Details | File | 11 | | whatsapp.exe |
Details | File | 1122 | | svchost.exe |
Details | File | 269 | | msiexec.exe |
Details | File | 40 | | wuauclt.exe |
Details | File | 478 | | lsass.exe |
Details | File | 4 | | wlanext.exe |
Details | File | 8 | | msg.exe |
Details | File | 31 | | lsm.exe |
Details | File | 55 | | dwm.exe |
Details | File | 16 | | help.exe |
Details | File | 14 | | chkdsk.exe |
Details | File | 3 | | cmmon32.exe |
Details | File | 10 | | nbtstat.exe |
Details | File | 131 | | spoolsv.exe |
Details | File | 30 | | rdpclip.exe |
Details | File | 55 | | control.exe |
Details | File | 62 | | taskhost.exe |
Details | File | 1018 | | rundll32.exe |
Details | File | 6 | | systray.exe |
Details | File | 16 | | audiodg.exe |
Details | File | 89 | | wininit.exe |
Details | File | 306 | | services.exe |
Details | File | 6 | | autochk.exe |
Details | File | 4 | | autoconv.exe |
Details | File | 2 | | autofmt.exe |
Details | File | 47 | | cmstp.exe |
Details | File | 16 | | colorcpl.exe |
Details | File | 155 | | cscript.exe |
Details | File | 3 | | wwahost.exe |
Details | File | 33 | | msdt.exe |
Details | File | 74 | | mstsc.exe |
Details | File | 3 | | napstat.exe |
Details | File | 76 | | netsh.exe |
Details | File | 46 | | netstat.exe |
Details | File | 5 | | raserver.exe |
Details | File | 376 | | wscript.exe |
Details | File | 12 | | wuapp.exe |
Details | File | 2126 | | cmd.exe |
Details | File | 380 | | notepad.exe |
Details | File | 312 | | calc.exe |
Details | File | 263 | | iexplore.exe |
Details | File | 199 | | firefox.exe |
Details | File | 31 | | microsoftedgecp.exe |
Details | File | 73 | | opera.exe |
Details | File | 23 | | safari.exe |
Details | File | 2 | | torch.exe |
Details | File | 9 | | maxthon.exe |
Details | File | 3 | | seamonkey.exe |
Details | File | 6 | | avant.exe |
Details | File | 4 | | dragon.exe |
Details | File | 1 | | icedragon.exe |
Details | File | 1 | | kmeleon.exe |
Details | File | 1 | | blackhawk.exe |
Details | File | 2 | | cyberfox.exe |
Details | File | 10 | | vivaldi.exe |
Details | File | 2 | | luna.exe |
Details | File | 2 | | epic.exe |
Details | File | 2 | | midori.exe |
Details | File | 6 | | palemoon.exe |
Details | File | 2 | | qtweb.exe |
Details | File | 2 | | qupzilla.exe |
Details | File | 2 | | ucbrowser.exe |
Details | File | 2 | | waterfox.exe |
Details | File | 1 | | poco.exe |
Details | File | 2 | | operamail.exe |
Details | File | 2 | | foxmail.exe |
Details | File | 1 | | incmail.exe |
Details | File | 63 | | thunderbird.exe |
Details | File | 1 | | barca.exe |
Details | File | 1 | | gmailnotifierpro.exe |
Details | File | 3 | | yahoomessenger.exe |
Details | File | 4 | | icq.exe |
Details | File | 5 | | pidgin.exe |
Details | File | 1 | | trillian.exe |
Details | File | 1 | | alftp.exe |
Details | File | 1 | | classicftp.exe |
Details | File | 3 | | coreftp.exe |
Details | File | 6 | | far.exe |
Details | File | 10 | | filezilla.exe |
Details | File | 3 | | flashfxp.exe |
Details | File | 1 | | fling.exe |
Details | File | 3 | | ftpvoyager.exe |
Details | File | 16 | | winscp.exe |
Details | File | 1 | | item3.jpg |