2018-06-20 Formbook Malspam

For this post, I was able to find some Formbook malspam within the email filters. Formbook malware is considered to be a data theft/form grabber with some other add-ons in its tool belt. Based on the following deep dives into Formbook from FireEye (http://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html) and ThisIsSecurity (http://thisissecurity.stormshield.com/2018/03/29/in-depth-formbook-malware-analysis-obfuscation-and-process-injection/), this malware sample follows the patterns described pretty closely (pay particular attention to the process injection section from FireEye). The email itself was about an invoice that needed to be reviewed. There was a RAR file as an attachment which, uncompressed, showed there was an EXE file inside. This is the file that…
