Get A Quote
Threat Report: Formbook Phishing Campaign with Old Payloads

Threat Overview

A recent phishing campaign has been observed delivering Formbook stealers through email attachments, as reported by AlienVault on January 7th, 2025. This report provides an analysis of the attack and recommendations for mitigation.

The malware employs multiple stages and steganography to hide malicious files inside images. The infection chain involves three stages before the final payload: Purchase Order.exe, Arthur.dll, and Montero.dll.

Attack Details

The attack begins with a spear-phishing email containing a purchase order and a zip file attachment. Once executed, the malware uses various evasion techniques such as process hollowing, mutex creation, adding itself to exclusion paths, creating scheduled tasks for persistence, downloading additional payloads, or receiving commands from the threat actor’s C2 server.

The final payload is a highly obfuscated 32-bit MASM compiled binary.

Threat Actor Group

The short description of the actor group behind this campaign is not provided in the report.

Threat Level and Reliability

The confidence level for this threat is rated as 100, and the reliability of the report is verified. The revoke status is false.

Recommendations

Based on the threat report, several recommendations can be made:

* Educate users to Spot Phishing Emails: Train employees to recognize phishing emails and avoid opening suspicious attachments.

* Implement Email Filtering Solutions: Use advanced email filtering techniques to block malicious emails before they reach user inboxes.

* Keep Systems Updated: Regularly update software packages to protect against known vulnerabilities exploited by malware.

* Monitor for Suspicious Activity: Use threat intelligence platforms and security monitoring tools to detect anomalies and potential infections in your network.

Connected Elements\

There are 30 connected elements present in the report.

External References

Additional information about this campaign can be found at:

* Seqrite Blog: https://www.seqrite.com/blog/formbook-phishing-campaign-analysis/

 

 

Discover more from ESSGroup

Subscribe to get the latest posts sent to your email.

essadmin
09 Jan 2025
Comment 0
Categoty: 
  • CTI News
  • Report

    • Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    News & Blog

    Related Blog

    Lorem Ipsum is simply dummy text of the printing and typesetting
    industry. Lorem Ipsum has been the industry's

    Empowering communities through knowledge, collaboration, and open dialogue. Join us in making a difference!


    Programs

    Menu

    Usefull Links

    Menu

    Contact

    Copyright ©2024 ESSGroup. All Rights Reserved